I read a story in POLITICO by Jessica Meyers the opening line of which was "Mickey Mouse could use more lawyers." The story involved the online industry's reaction to the quickly upcoming date for the implementation of new expanded rules of the Federal Trade Commission's oversight of the "Children's Online Privacy Protection Act" (COPPA).
In this space we have talked about COPPA and the FTC's long time push to update the regulations which was originally passed in 1998 to try to ensure privacy rights on children online. Three years ago the FTC began the process of updating the original regulations to better represent the internet world that exists today, with its Facebook and social networks The new regulations control what information websites may gather about minors who visit their sites and then only with explicit parental permission.
The online industry has fought tooth and nail to limit the expansion of the rule to include new definitions of children's "personal information" to include photos, videos, or sounds of children and also to include what the FTC labels as "persistent identifiers" such as cookies and mobile device IDs that can track children over time and across apps.
Even though this process has been going on for more than three years in a very pubic and transparent way, the industry through its various organizations is saying it is causing member companies huge amounts to add lawyers to interpret the rule changes and programmers and others to comply with its provisions. They complain the new rule is too vague and they do not know for sure what it covers. If they do not get more time, they argue, many websites geared to children will simply be taken down.
Under the COPPA Rule revisions, a site that collects personal information from children, and does not fall under an exception, would need to get prior parental consent. The industry wants these exceptions expanded.
In something of a significant new development, the FTC has recently sent letters to about 90 mobile app developers, stating that in an initial FTC review, their apps appear to "collect" images or sounds of children and thus may violate the upcoming COPPA rule changes. No actual wrongdoing is cited; rather the FTC says the app developers should review their apps, policies, and procedures.
The FTC’s letters make clear that the Commission has not determined that the apps would violate the revised COPPA Rule. But clearly these app developers are being told FTC will be looking closely at these companies, and the apps they are developing, once the revised Rule takes effect.
In the past sites like Facebook have argued that should not be held responsible for collecting data on minors who lie about their ages to get onto the site. The FTC has tried to respond by lowering the age covered by COPPA to younger than 13. That is why Facebook, for example, limits it's "membership" to those 13 and older. But the problem for the sites still exists. What is Facebook to do, for example, when a mother complains to the FTC that her 10 year old who lied about his or her age is having personal identifiers collected by the site?
Violating COPPA is no small matter. The penalties for not complying are severe. Recently, the app firm Path.com settled with the FTC for $800,000 for COPPA violations. In 2011 Disney settled with the FTC for $3 million for COPPA rules violations on the site Playdom.com. In addition the FTC can require a company to conduct expensive compliance audits for 20 years.
It will be interesting to see what happens between now and July 1 and thereafter.