The FTC sent “educational” letters to more than 90 online companies including providers of mobile applications in order to warn each company that it may be subject to the revised Child Online Privacy Protection Act (COPPA) Rule because it is collecting personal information from children under the age of 13. The letters, available at, were sent to both domestic and foreign companies. If your company received one of these letters and you are not yet COPPA compliant, you should be undertaking an immediate review of your app(s) and/or website and your policies and procedures for compliance.

The FTC adopted changes to the COPPA Rule in December of 2012, which expanded the definition of personal information to include not only a child’s name or address, it also includes photos, videos, audio recordings, and persistent identifiers such as user names, cookies, or mobile device identification numbers that can be tracked across web sites. Prior to collecting the personal information of children, companies must obtain verifiable parental consent and follow new data security requirements in accordance with the COPPA Rule. Companies have until July 1 to comply with the Rule.