FTC Updates COPPA Guidance for Businesses

On June 21, 2017, the FTC updated its COPPA Compliance Guidance for businesses. The new guidance includes new descriptions of services and products covered by COPPA, and new methods for obtaining parental consent.

Though the guidance is new, the subjects of the guidance generally are not; for example, “internet-enabled location-based services” have long been within the ambit of COPPA because geolocation information has long been part of the definition of “personal information” of children that COPPA regulates. However, the new guidance, confirms the FTC’s continued interest in these areas.

So what are the FTC’s declared areas of focus?

  1. Voice-activated devices that collect personal data, including location data. As we have written, Amazon’s Alexa and similar devices are creating a host of unresolved privacy issues. The FTC now adds to that list the potential that voice-activated devices may collect data from children without parental consent.
  2. Internet-connected toys. This inclusion is particularly interesting given the March 2017 filing of a complaint with the FTC by privacy advocates regarding internet-connected dolls. More broadly, this should be seen to signal continued interest in any part of the Internet of Things that the FTC may consider to be child-directed.
  3. Parental consent based on authentication questions and facial recognition. These too are not new, because the COPPA Rule allows new parental verification methods to be proposed and added, as we have noted.
  4. These updates reflect the FTC’s efforts to keep pace in regulating a space that is moving very quickly. The rapid proliferation of connected devices is creating COPPA issues with a large number of services that, at first blush, might not be considered directed to children (although, as we have stated repeatedly, COPPA compliance matters for general audience websites, too). The guidance signals that the FTC expects those offering all of these services to examine their policies and take the necessary COPPA precautions.

One thought on “FTC Updates COPPA Guidance for Businesses

  1. Good decision. I think Voice-activated devices are very much insecure for anybody. They can steal your voice, steal your personal data without any permission. So it should be stopped anyhow. And finally, FTC take the steps to stop them. Thanks in this case. 🙂

Leave a Reply to Michael@michaelhcohen.com Cancel reply

Your email address will not be published. Required fields are marked *