Last week, the FTC announced approval of a new Safe Harbor Program under the Children’s Online Privacy Protection Act (COPPA), called iKeepSafe. The program was created by the Internet Keep Safe Coalition, a nonprofit organization that describes its goal as the “creation of positive resources for parents, educators and policymakers who teach youths how to use new media devices and platforms in safe and healthy ways.”
The COPPA Rule affords some flexibility in compliance through use of a safe harbor provision, 16 C.F.R. § 312.10. The provision allows that operators – that is, persons who operate websites or online services that collect personal information from kids – will be deemed to be in compliance with COPPA if they comply with “self-regulatory guidelines.” These guidelines must first be approved by the FTC and must “implement substantially similar requirements that provide the same or greater protections for children” as does the COPPA Rule itself, as well as provide mechanisms for independent assessment of operators’ compliance with the guidelines and disciplinary provisions for noncompliance.
The Rule requires the FTC to announce guideline applications in the Federal Register and solicit public comments. In the case of iKeepSafe, the applicant modified its application in response to comments that its language was overly permissive. Following the changes, the FTC was satisfied that the new language was sufficiently mandatory to comply with the Rule.
Operators should bear in mind that there are several paths to COPPA compliance; iKeepSafe is one of seven approved programs listed on the FTC website. As the digital environment changes – particularly because COPPA applies to mobile apps and games as well as to traditional websites – it is important for operators to have a clear plan for compliance at all times. These existing safe harbors allow operators to achieve compliance without having to recreate the wheel.