In response to additional questions regarding the new COPPA regulations, the FTC has continued to review and update its COPPA FAQs. One question asks whether verifiable parental consent is required where a child can share artwork and a message on social media sites created on a child-directed app, even though the app does not collect the artwork. The FTC indicated that “collection” includes requesting, prompting or encouraging a child to submit personal information online, and enabling a child to make personal information publicly available in identifiable form. As such, the app must obtain verifiable parental consent before enabling children to share personal information in this manner, even though the information is used by third parties on the app. Companies have also been grappling with where an ad network – as opposed to a website operator - would have “actual knowledge” that a website is directed towards children if it received the information from a third party who indicates that the websites are child-directed. The FTC determined that receipt of a list of purportedly child-directed Web sites alone would not constitute actual knowledge, but receipt of additional information such as screen shots may suggest that the ad network now has actual knowledge of a child-directed website. According to the FTC, if an ad network receives information and it is uncertain whether the site is child-directed, it may ordinarily rely on a specific affirmative representation from the Web site operator that its content is not child-directed. For this purpose, a Web site operator would not be deemed to have provided a specific affirmative representation if it merely accepts a standard provision in the ad network’s Terms of Service stating that, by incorporating the ad network’s code, the first party agrees that it is not child directed. Finally, another question asked whether ad networks would benefit by participating in systems where first-party sites could signal that they are directed towards children. The FTC stated that this system could provide a benefit to ad networks in limited circumstances: if the system requires the first-party site to affirmatively certify whether it is “child-directed” or “not child-directed,” the ad network could rely on the representation that the site is “not child-directed.” But the FTC cautioned that ad networks could only rely on this representation if first party affirmatively signals that its sites or services are “not child-directed,” but not if that option was set for them as the default. Notwithstanding this system, the FTC urged caution due to the possibility that ad networks may still get other items outlined in the Rule that would give the ad network actual knowledge of the “child-directed” nature of the website.
TIP: Companies may still be required to obtain verifiable parental consent when including social media plugins on their apps. Although exceptions exist, it is important to determine the information being collected and how it is being used to determine whether parental consent is required. Additionally, ad networks may not be deemed to have had actual knowledge of a child-directed website merely by receiving a list of websites from a third party or via participation in website notification system. That said, receipt of screenshots of a website or other information may supersede receipt of lists or participation in a system, to ultimately determine whether a website is directed towards children.