COPPA Compliance Seem Like “Mission Impossible”? DMA Has Your Back…
On July 1, 2013, sweeping new regulations for marketing to children take effect. In updating the Children’s Online Privacy Protection Act (COPPA) Rule – the regulation that has governed online marketing to kids for fifteen years – the Federal Trade Commission (FTC) has extended its reach to new businesses and new information.
Even if you were safe from the jaws of COPPA in the past, you may not be in this brave new regulatory world. Here are few reasons why…
- Under the revised rule, the definition of “personal information” has been expanded to include photos, videos and audio recordings of children, as well as persistent identifiers that can recognize users over time and across different web sites and online services. Persistent identifiers can range from online user names to cookies or mobile device ID numbers.
- Taken together, the amendments extend the reach of the COPPA Rule to a range of data practices and data-collecting entities that were not previously subject to COPPA. In particular, the Final Rule makes first-party operators liable for third-party data collection activities that benefit the first party. Third parties will also be liable if they have actual knowledge that they are collecting personal information on a site or service that is directed to children.
To make matters worse, the FTC denied the marketing community’s request to delay the implementation of the new COPPA Rule. DMA led the business community in sending a letter asking the FTC to extend the deadline by six months (July 1, 2013 to January 1, 2014) so that companies wouldn’t be left in the lurch trying to adapt systems and processes in a very short time-frame. The FTC’s response: no dice.
As if that wasn’t bad enough, the FTC has sent letters to more than 90 businesses that may be affected by the changes – companies whose online services, including mobile applications, appear to collect personal information from children under 13, as defined by the revised rule. The FTC issued one letter to domestic companies that may be collecting images or sounds of children and another letter to domestic companies that may be collecting persistent identifiers from children. Though it said that the letters did not reflect “an official evaluation of the companies’ practices by the FTC,” they were clearly designed to raise the profile of the new COPPA Rule and press businesses come into compliance with the rule’s requirements by July 1.
But it’s not time to panic just yet. As always…DMA is here to help! Last week, DMA hosted a webinar for hundreds of marketers concerned with how their businesses will come into compliance with the new COPPA Rule in time for the July deadline. During the session, experts from DMA and Venable walked through the COPPA Rule changes and answered questions about how to stay on the right side of the regulators. You weren’t able to make it? We’ve still got your back. You can get all the information and insights you need by taking a look at the webinar recording or the PDF of the presentation.
And we’re not done fighting either. There are still some unanswered questions about how to comply with certain aspects of the new Rule, and DMA is working closely with its member companies and the FTC to close the loop on those as quickly as possible. Reach out to me (Rachel Nyswander Thomas) or Jerry Cerasale with your COPPA questions and we’ll help you find the answers that turn this “mission impossible” into “mission accomplished.”