justice scale justice scale justice scale

McKenna Minutes

“The life of the law has not been logic; it has been experience.”

-Oliver Wendell Holmes, Jr.

FTC Updates COPPA Compliance Plan to Include Internet-Connected Toys

FTC Updates COPPA Compliance Plan to Include Internet-Connected Toys

The Federal Trade Commission (FTC) recently updated its COPPA Compliance Plan for businesses. The Children’s Online Privacy Protection Act (COPPA) protects the privacy of children using websites and online services. Operators of websites and online services that collect personal information from kids under age 13 are covered by the Act. Failure to comply with COPPA can result in civil penalties up to $40,654 per violation. To assist business covered under COPPA, the FTC has published a 6-step compliance plan. In response to changing technologies in the marketplace, the FTC recently updated this plan.

6-Step COPPA Compliance Plan

The FTC 6-Step Compliance Plan consists of the following:

  1. Determine if your company is a website or online service that collects information from kids under 13
  2. Post a privacy policy that complies with COPPA
  3. Notify parents directly about your information practices before collecting personal information from their kids
  4. Get parents’ verifiable consent before collecting personal information from their kids
  5. Honor parents’ ongoing rights with respect to personal information collected from their kids
  6. Implement reasonable procedures to protect the security of kids’ personal information

The FTC also provides a useful chart outlining exceptions to the verifiable consent requirement.

Updates to the Compliance Plan

The updated compliance plan clarifies that COPPA does not only apply to websites and mobile apps but can also apply to internet-connected toys. Similar to products in other areas, children’s toys have become part of the internet of things. Toys such as Cloud Pet and Hello Barbie are capable of connecting to the internet while they are played with by their owners. The FTC compliance plan indicates that COPPA applies to internet-connected toys if those toys collect personal information.

The updated plan also provides two additional methods for obtaining parental consent as required by the Act.

  1. Asking knowledge based questions – These questions should be dynamic, multiple-choice questions, with an adequate number of possible answers such that the possibility of guessing the correct answer is low. The questions should also be difficult enough that a child 12 or under could not reasonably ascertain the answers.
  2. Using facial recognition to get a match with a verified photo ID – This verification method requires that a parent provide a picture of a government-issued identification along with a live-capture of the parent’s face.

These updates respond to changes in the market based on new technology and are an extremely useful guide to businesses that believe they may be subject to COPPA.

If you have any questions concerning COPPA compliance, or any data privacy and security matter, please contact Tim Hayes at McKenna Storer.

This content was originally posted on Tim Hayes’ LinkedIn profile.

Categories Privacy and Data Security Litigation

Leave a Reply

You must be logged in to post a comment.

Here to help with whatever your legal issues may be, schedule your no-obligation consultation or Simply Call us at.
Chicago: (312) 558-3900 or Woodstock: (815) 334-9694

  • Hidden
  • Hidden

Please do not send confidential information via email. The sending of information by you, and the receipt of it by McKenna Storer, is not intended to, and does not create a lawyer-client relationship.

Privacy Policy | Sitemap © 2021 McKenna Storer
Show Buttons
Hide Buttons