On May 15, 2013, the Federal Trade Commission announced that it sent educational letters to over 90 businesses that appear to collect personal information from children under the age of 13, reminding them of the impending July 1 deadline for compliance with the updated Children’s Online Privacy Protection Rule (the “Rule”). The letters were sent to domestic and foreign companies that may be collecting information from children that is now considered “personal information” under the Children’s Online Privacy Protection Act (“COPPA”) but was not previously considered “personal information.” The definition of “personal information” under COPPA was expanded to include (1) photos, videos and audio recordings of children; and (2) persistent identifiers that may recognize users over time and across various websites and online services (e.g., cookies and IP addresses).
While the FTC did not officially analyze any of these companies’ practices, the letters demonstrate that the FTC will not delay enforcement for companies whose practices are not in compliance with the updated Rule by July 1, 2013. The FTC did mention, however, that it will exercise prosecutorial discretion in enforcing the Rule, particularly with respect to smaller businesses that have attempted to comply in good faith soon after the deadline.
View the text of the updated COPPA Rule and our previous post on the updated Rule.