The Federal Trade Commission (FTC) has updated its guidance applicable to the Children’s Online Privacy Protection Act (COPPA) to reflect developments in the digital advertising ecosystem and a burgeoning Internet of Things marketplace. The Guidance revises its six-step compliance plan to keep current with developing technology.
The Guidance, which had existed in substantially the same form since 2015, contains three new updates relating to new methods for obtaining parental consent, new products covered by COPPA, and new business models.
First, the Guidance describes two methods for obtaining verifiable parental consent modeled after proprietary methods approved by the FTC for compliance providers Riyo and Imperium. App or website providers may now obtain verifiable parental consent by requiring a parent to:
- answer a series of knowledge-based challenge questions that would be difficult for someone other than the parent to answer; or
- verify a picture of a driver’s license or other photo ID submitted by the parent and then comparing that photo to a second photo submitted by the parent, using facial recognition technology.
Second, the Guidance makes clear that COPPA applies not only to websites and mobile apps, but also to the growing list of connected toys and other products intended for children. The updates also clarify that when an app, website, or device is not primarily targeted toward children but is still “directed toward children” under the FTC’s test-triggering COPPA applicability considerations, the provider of that app, website or device may choose to comply with COPPA for only those users under age 13. The guidance cautions, however, that if a provider adopts such an approach, the provider must verify users’ ages before collecting any other data from them.
As the Guidance makes clear, the FTC will examine a number of factors in determining whether an app is “directed toward children,” including “the subject matter of the site or service, visual and audio content, the use of animated characters or other child-oriented activities and incentives, the age of models, the presence of child celebrities or celebrities who appeal to kids, ads on the site or service that are directed to children, and other reliable evidence about the age of the actual or intended audience.”
Finally, the Guidance reminds companies that COPPA may apply to new business models that include collecting personal information from voice-activated devices.
In short, these updates are a reminder to companies to be ever-vigilant regarding their compliance efforts with respect to new technologies that expand the functionality of toys and other interactive devices.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.