July 1 COPPA Compliance Deadline is Approaching

By Cynthia J. Larose

Written by Julia Siripurapu

Today, the FTC sent more than ninety (90) "educational" letters to domestic and foreign businesses whose Web sites and online services (including mobile apps) appear to collect personal information from children that are 12 years old and under, in an attempt to help the businesses come into compliance with the amendments to the Children’s Online Privacy Protection (COPPA) Rule (the “Amendments”), going into effect on July 1.

Copies of each one of the four (4) form letters may be found below:

  • Letter to Domestic Companies That May Be Collecting Images or Sounds of Children
  • Letter to Domestic Companies That May Be Collecting Persistent Identifiers from Children
  • Letter to Foreign Companies That May Be Collecting Images or Sounds of Children
  • Letter to Foreign Companies That May Be Collecting Persistent Identifiers from Children

The FTC urged letter recipients "to review your apps, your policies, and your procedures for compliance."

The agency also hinted that it will give credit to companies just for making an effort. "As with all our enforcement activities, the Commission will exercise its prosecutorial discretion in enforcing the COPPA Rule, particularly with respect to small businesses that have attempted to comply with the Rule in good faith in the early months after the Rule becomes effective," the letter stated.

The FTC also set up and maintains an e-mail hotline, where companies can ask FTC staff questions about how to comply with the Amendments.

The penalties for violating COPPA can be steep. In February 2012, social networking app Path agreed to pay $800,000 to settle FTC allegations that it wrongly collected personal information from children. And in October 2012, Artist Arena, the operator of fan websites for music stars such as Justin Bieber shelled out $1 million to settle FTC charges that it improperly collected personal information from children without parental consent.

Other prior COPPA penalties include $1 million paid by  Sony BMG Music Entertainment in 2008, and $1 million by social networking Web site Xanga.com in 2006.

As we move towards July 1 and the COPPA compliance deadline, please contact any member of the Mintz Levin privacy team with questions regarding your company's compliance efforts.

Subscribe To Viewpoints

Published

Viewpoint Topics

Professionals

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.