The Federal Trade Commission (FTC) announced that it has updated its COPPA Compliance Plan to specifically cover toys intended for children. COPPA requires website operators and online services to obtain verifiable parental consent before collecting any personal information from children 12 years or younger. The FTC’s updated guidance, however, clarifies that certain web-enabled products directed to children under 13 with Internet of Things functionality may also be subject to COPPA. Internet of Things devices can include connected toys that collect personal information, such as voice recordings or location data.
The FTC looks at a variety of factors to see if a site or service is directed to children under 13, including the subject matter of the site or service, visual and audio content, the use of animated characters or other child-oriented activities and incentives, the age of models, the presence of child celebrities or celebrities who appeal to kids, ads on the site or service that are directed to children, and other reliable evidence about the age of the actual or intended audience. If your website doesn’t target children as its primary audience, but is “directed to children under 13” based on those factors, you may choose to apply COPPA protections only to users under age 13. If that’s what you decide to do, you must not collect personal information from any users without first collecting age information. For users who say they are under age 13, don’t collect any personal information until you have obtained verifiable parental consent.
In addition to specifically including "connected toys or other Internet of Things devices," the FTC’s Compliance Plan includes a broad list of commonly available services, such as "mobile apps that send or receive information online (like network-connected games, social networking apps, or apps that deliver behaviorally-targeted ads); internet-enabled gaming platforms; plug-ins; advertising networks; internet-enabled location-based services; and voice-over internet protocol services."
For more information on the FTC’s COPPA Compliance Plan, click here or review COPPA Privacy Rule at 16 CFR 312.