New COPPA FAQs: You asked, we answered
If you’re the COPPA cop for your company or clients, you know that Complying with COPPA: Frequently Asked Questions (A Guide For Business And Parents And Small Entity Compliance Guide) – close friends call ‘em The FAQs – are an indispensable resource. When FTC staff revised the FAQs a few months ago to reflect changes to COPPA that took effect July 1, 2013, we promised to update them as questions arose. And we’re making good on that promise.
As a preliminary matter, FAQ watchers have noticed a slight change in format. Rather than just numbering questions sequentially, we’ve divided them by topic (for example, Geolocation Data or Verifiable Parental Consent) and renumbered them within each category. Of course, businesses that are new to COPPA will want to check out all the FAQs. But the new structure makes it easier for dab hands to drill down to the issue that found its way to your in-box this morning.
What’s new in the July 2013 update to the FAQs?
Share buttons. FAQ D.9 makes it clear that if your app includes embedded buttons or plug-ins that allow kids to send email or otherwise post information (via a social network for example), you need to get verifiable parental consent unless an exception applies. This is true even if your app doesn’t otherwise collect personal information.
Actual knowledge. We get a lot of questions about COPPA’s “actual knowledge” standard. FAQs D.10, 11, and 12 offer guidance on how you might be considered to have “actual knowledge” that you’re collecting personal information on a child-directed site. The new FAQs address some of the fact patterns you may be wrestling with right now.
Information collected from a child-directed site. FAQ K.2 poses the hypothetical of a person who operates an ad network and finds out after the effective date of the Rule that he’s been collecting personal information via a child-directed website. Unless an exception applies, he must stop collecting the information immediately and needs to get verifiable parental consent before using any personal information he now knows came from that child-directed site or service. What if he doesn’t know the source of the information? The FAQ addresses that scenario, too, and discusses some best practices.
Do you have a COPPPA question not addressed in the FAQs? Email us as COPPAHotLIne@ftc.gov. Have you checked out these other new resources: Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business and a 6-minute video that outlines the changes that took effect on July 1st?