Business Blog
Tidying up: Decluttering the COPPA FAQs
Maybe it’s the influence of that best-selling book on home organization or perhaps the silos of stuff in our makeshift home offices are becoming more noticeable. Either way, people are in a decluttering mood – and we are, too. Our recent project: updating and streamlining Complying with COPPA: Frequently Asked Questions, known as the COPPA FAQs. But not to worry. The revisions don’t raise new policy issues and our COPPA Rule review continues. So when we say decluttering and reorganizing, that’s just what we mean.
Supplementing other compliance materials available from the FTC, the COPPA FAQs include staff’s informal take on the questions we hear from businesses and parents about the Children’s Online Privacy Protection Rule. The overall advice remains unchanged. On their homepages and wherever they collect personal information from kids, COPPA-covered entities must post a clear link to a privacy policy explaining how they handle personal information collected from children under 13. Before collecting COPPA-covered information, they must notify parents directly about their practices and get parents’ express consent. They must honor parents’ ongoing rights to review the information collected from their kids, revoke their consent, refuse further collection or use of the data, or delete the information at parents’ request. And they must implement and maintain appropriate information security procedures.
So what’s different in the revised FAQs? It’s more a matter of streamlining and reorganizing to make the document easier to use, but here are some highlights.
Many of the FAQs dealt with the transition from the old COPPA Rule to what people thought of as the “new” Rule. The amended COPPA Rule has been in place for seven years, so we’ve deleted some FAQs and revised others that addressed that transition.
We’ve also made structural changes with an eye toward avoiding duplication and boosting clarity. For example, we reorganized where we address questions about mixed audience sites and added some information about how to differentiate between a mixed audience and a general audience site. (That used to be in a separate publication.) We’ve also created a new section to consolidate questions about ad networks and other third party plug-ins.
In addition, the revised FAQs reflect how much has changed since we first posted the document. They incorporate guidance from elsewhere on our website reflecting technologies like connected toys and the Internet of Things, the FTC’s Enforcement Policy Statement on COPPA and audio recordings, the YouTube case, the inMobi case, and new methods of verifiable parental consent approved by the FTC. We’ve also answered some questions we’ve heard about age gates.
The COPPA FAQs are designed to be revisable and updatable based on your questions. Continue to send questions and comments to our COPPA mailbox, CoppaHotLine@ftc.gov.
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.