Online content providers – including websites and apps – need to add something to their 2013 To-Do list.

[caption id="attachment_1051" align="alignright" width="320" caption="It covers you, too"][/caption]

Beginning July 1st, the Federal Trade Commission’s new rules under the Child Online Privacy Protection Act (“COPPA”) will apply covering more online services. While the new rules have been criticized as “a mess," they still apply. Most business-related online providers have assumed that COPPA and its related rules have not covered them, because they do not direct activities at children. However, if your stationery store has Barbie Notepads or fuzzy gnome erasers, their online presence could bring them under the COPPA requirements, such as having parental consent and disclosure requirements.

Here is a quick summary of the new changes:

More Online Providers. Probably the most important change is that more online providers are covered. Rather than just the child-focused websites, all online providers (which includes apps) that have even a small amount of content directed at children are subject to the COPPA rules.
Third Parties Covered, Too. If your website or app relies on advertising from third parties who might be able to collect information about children, those third parties are covered as well.
Personal Information is EVERYTHING. Personal information about a child is more than their name, address, email address, or birthdate – it is anything about them. Thus, anything that can be used to discover something about the child has to be protected: screen or user names, geolocation info, browser and flash cookies, device identifiers, internet messaging IDs, javascript “tags” – basically, anything, other than those used for the internal operations of the provider.

Not all the changes are negatives for the online providers. The FTC has tried to streamline the online notices required to parents, although it remains to be seen whether this will be sufficient. Online providers, at least for now, will not be required to explain how children’s data is protected.
Strict Liability. An online provider is strictly liable for any breach of COPPA’s provisions. This includes, beginning in July, those who are working on behalf of the provider, but not controlled by the provider. While the online industry largely opposed this extension, privacy groups won the battle. The takeaway for smaller online providers is to make sure – very sure – that the organization that is monetizing your content through advertisements or the like is following the new COPPA provisions.

[caption id="attachment_1049" align="alignleft" width="231" caption="We never regulated websites back in the 70's. (c) 2008, photo courtesy of Matt Becker, Weatherman90 at en.wikipedia, Wikipedia Commons"][/caption]

The FTC has provided a lengthy 167-page analysis of its reasoning for the new rules. If you are an online provider, you need to review these new rules to see how they apply to you and your technology. Bay Oak Law will be here to assist, if necessary.