On April 25, 2013, the FTC provided additional guidance in relation to the revised COPPA Rule, set to go into effect July 1, with a detailed set of FAQs. Members of the business community have been calling for a delay in the effective date of the revised rules, so that businesses could have more time to get better acquainted with the rules.
The most important revisions to the COPPA rule involve new definitions for key terms, such as “operator,” “website directed to children,” and, “personal information”; parental notice and consent mechanisms; confidentiality and security requirements; and safe harbor provisions. The FAQs address each one of these topics, but extensively focus on verifiable parental consent and secure parental consent mechanisms. The FAQs provide several acceptable methods for obtaining verifiable parental consent, including obtaining written consent in a hard copy form, requiring a monetary transaction that notifies the primary account holder, and “email plus,” which requires the parent to affirmatively reply to a verification email and provide additional information to verify that they are the child’s parent/guardian. Additionally, the FAQs provide color to provisions on geolocation data, an area that has grown tremendously since the first COPPA rules were promulgated in 1999.
COPPA compliance will, indeed, require careful legal guidance and diligent oversight by companies that operate websites directed to children, but the FAQs provide helpful guidance to assist such entities reach this goal.