On July 1, 2013, following the Federal Trade Commission’s (FTC) adoption of the final amendments, the updated Children’s Online Privacy Protection (COPPA) Rule went into effect. The amended COPPA rule strengthens privacy protection for minors under 13 years of age in connection with their use of websites and mobile apps. The amended COPPA Rule also gives parents an increased role in their children’s online activities (including via mobile devices). Without limitation, the COPPA Rule:
- modifies the list of “personal information” that cannot be collected without parental notice and consent;
- offers companies a voluntary approval process as a new method of obtaining parental consent;
- prohibits third parties from collecting personal information from children through plug-ins without parental notice and consent;
- extends the COPPA Rule to cover persistent identifiers that can recognize users over time and across different websites or online services;
- requires that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential;
- requires that covered operators adopt reasonable procedures for data retention and deletion; and
- strengthens the FTC’s oversight of self-regulatory safe harbor programs.
California Bill Fills Age Gap in COPPA
We’ve previously described California’s new data privacy bill that places strict requirements on operators of websites and other online services that collect certain information about California residents. In addition, the California Bill provides COPPA-like data privacy protections for minors under the age of 18. The California Bill, which will go into effect on January 1, 2015, appears to have influenced some of the lawmakers in Delaware.
Delaware’s COPPA Gap Filler
On March 18, 2014, Delaware House Representative Darryl Scott introduced a new Delaware Bill that, in many ways, tracks the California Bill and provides COPPA-like protection to minors under the age of 18. The Delaware Bill seeks to establish an improved age verification system and restrict website operator’s collection of personal information and advertising of restricted products (fireworks, alcohol, etc.) from/to minors under 18 years of age.
While not as strict as the COPPA Rule requirements, both the California and Delaware bills should be heeded, as they apply to all minors, not just those under 13 years of age (to which COPPA presently only applies). Once effective, those that fail to comply could find themselves facing regulatory action, which could result in significant fines.