October 25, 2020

Volume X, Number 299


October 23, 2020

Subscribe to Latest Legal News and Analysis

Back to School Special: Is My Multi-Age Platform Subject to Child Protection Requirements?

In our online world, one of the challenges (and opportunities) for companies is the increased use of their websites, apps, and connected devices. For platforms directed to both adults and children, or platforms previously directed to adults which would like to now also direct their services to children, the FTC’s recently streamlined FAQs, and ICPEN’s guide (both of which we introduced earlier this week) can help companies in this space. The information is particularly helpful for those that were aimed mostly toward adults, and are now shifting their business plans to direct products or services to children as well.

First, an important reminder from both the FTC and ICPEN is that “online” privacy considerations for children do not just apply to websites, but apply to all connected services, including smart toys and applications. Second, we turn to examining if the platform is subject to COPPA or other child protection considerations. Platforms are subject to COPPA if they are “directed to children.” The FTC’s FAQs lay out factors from the COPPA Rule that the FTC will examine, including the age of people who appear on the site, the language used on the site, music or other content, and more. (FAQ D(1)). ICPEN uses similar factors, including the nature of the marketing content, the placement of the marketing and the audience and the use and appeal of the product or service.

For platforms that have both adults and children visitors, the question is thus whether or not it is directed to children. It is not, according to the FTC, just because some children happen to visit. That is a general audience platform, and the FTC’s perspective is that COPPA would not apply unless the company has actual knowledge of the child’s age. (FAQ H(1)). On the other hand, “mixed audience” sites are those that, for example, have both adults and children and one of the “intended audiences” are children. (FAQ D(3)). These mixed audience websites, the FTC makes clear, are still subject to COPPA. As such, requirements like obtaining prior parental consent (unless an exception exists), having appropriate notices, and the like, will apply.

Putting it into PracticeLooking to expand your website, app, or connected service into the youth market? Hosting a general audience platform where children might visit? The recently streamlined FTC FAQs as well as the ICPEN guides can help.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 241



About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Snehal Desai, attorney, Sheppard Mullin

Snehal Desai is an associate in the Intellectual Property Practice Group in the firm's San Francisco office. She is a member of the Privacy and Cybersecurity Team, the Advertising Team and the Technology Transactions Team.

Areas of Practice

Advertising: Snehal advises clients in conducting advertising campaigns, contests and sweepstakes, and brand marketing campaigns. 

Technology and Commercial Transactions: Snehal drafts and negotiates agreements for software, SaaS, technology services, logistics, marketing, outsourcing, intellectual property licensing, sourcing and distribution agreements, and other commercial and transactional matters.

Privacy and Data Protection: Snehal counsels clients on compliance with domestic and international privacy laws and regulations. She helps clients with drafting privacy policies and online terms of service for websites and mobile applications. She also counsels clients regarding cybersecurity breach response and best practices for mitigation.