Privacy & Information Security Law Blog

On August 1, 2012, the Federal Trade Commission announced that it is seeking public comments on additional proposed modifications to the Children’s Online Privacy Protection Rule (“COPPA Rule” or “Rule”). According to the FTC, the second-round revisions modify certain COPPA Rule definitions to “clarify the Rule’s scope and strengthen its protections for the online collection, use, or disclosure of children’s personal information.” The FTC developed these new definitions after reviewing the 350 public comments submitted in response to the Commission’s September 2011 proposal to amend the Rule.

Specifically, the FTC has proposed revising the following definitions:

• Operator: The FTC proposed adding a provision that “[p]ersonal information is collected or maintained on behalf of an operator where it is collected in the interest of, as a representative of, or for the benefit of, the operator.” This modification would hold responsible as co-operators both child-directed sites or services and third parties, such as advertising networks or downloadable plug-ins, that collect information through child-directed sites and services.
• Website or online service directed to children: The proposed revisions clarify that a website or online service that knows or has reason to know that it collects personal information from children through a child-directed website or online service would be considered to be “directed to children.” Nonetheless, the revisions limit the definition to a commercial website or online service that: (1) knowingly targets children as its primary audience; (2) is likely to attract children based on its content; or (3) is likely to attract a disproportionately large percentage of children based on its content, although it will not be considered so if it (a) does not collect personal information from any visitor prior to collecting age information; and (b) prevents the collection, use or disclosure of personal information from children without first obtaining verifiable parental consent. These proposed modifications would permit a website or online service designed for a broad audience to comply with COPPA without having to treat all its users as children.
• Personal information: The FTC revised its initial proposal to include screen or user names as personal information, instead limiting the definition to screen or user names which function in the same manner as online contact information. Additionally, the revision clarifies that a “persistent identifier,” such as an IP address or customer number held in a cookie, will be deemed personal information if it can be used to recognize a user over time or across different sites or services, where it is used for purposes other than “support for internal operations.” The FTC modified its definition of “support for internal operations” to include activities such as site maintenance and analysis, performing network communications, authenticating users, maintaining user preferences and protecting the security and integrity of the user or website as long as the information is used or disclosed to contact a specific individual or for any other purpose.

Public comments on the proposed COPPA Rule will be accepted until September 10, 2012.

Update: The FTC has extended the deadline to submit public comments until September 24, 2012.