Safe Harbors Under the Children's Online Privacy Protection Rule8 Sep, 2011 By: Cathy Polisoto, Jeffrey Richter
Congress enacted the Children’s Online Privacy Protection Act (COPPA) on October 21, 1998. The purpose of COPPA is to prohibit unfair or deceptive acts or practices in connection with the collection, use or disclosure of personally identifiable information from and about children under 13 on the Internet. The Federal Trade Commission (FTC) issued a final rule implementing COPPA on April 21, 2000.
COPPA has a provision pursuant to which an operator of websites or online services directed to children (or an operator who has actual knowledge that the person from whom it seeks information is a child) can submit an application for a safe harbor to the FTC for approval. A safe harbor means that if an advertiser follows certain FTC-approved guidelines, the advertiser will be deemed to be in compliance with the rule and should therefore be able to avoid an enforcement action for violations of the rule. To receive safe harbor treatment, an operator can comply with any FTC-approved guidelines; the operator need not independently apply for approval if the operator complies with FTC-approved guidelines that are applicable to the operator’s business.
The FTC has previously granted four applications for safe harbors, which may be accessed at http://business.ftc.gov/print/1550. Aristotle Inc. is the company that most recently filed an application for safe harbor guidelines to be approved by the FTC. The FTC extended the public comment period on Aristotle’s application to August 15, 2011. Following is a brief summary of Aristotle’s program requirements.
Member companies must agree to abide by the program requirements, a set of guidelines that regulate how member companies collect, use and disclose personal information from children 12 years old and under. By following the program requirements, visitors to websites operated by a member company are assured that:
• Notice will be provided to the child’s parent about the website’s information practices and prior verifiable consent will be obtained before collecting personal information from children
• The child’s parent will be given the choice to consent to the collection and use of their child’s personal information for internal use by the website, and the parent will be given the opportunity to elect not to have their child’s personal information disclosed to third parties
• The parent will be provided with access to their child’s personal information, and given the ability to delete the information and opt out of the future collection or use of the information
• The child’s participation in an activity will not be conditioned on the child’s disclosure of more personal information than is reasonably necessary for the activity
• Member companies will maintain the confidentiality, security, and integrity of the personal information they collect from children.
Any firm that markets online to children should be aware of COPPA and should consider conferring with counsel and tailoring its information-collection practices to comply with an approved safe harbor.
Jeffrey Richter is a partner and Cathy Polisoto is an associate at Los Angeles-based Finestone & Richter. They can be reached at (310) 575-0800, or at email@example.com and firstname.lastname@example.org.