The FTC announced that it has given guidance on when the Children’s Online Privacy Protection Act (COPPA) requires collection of parental consent before collecting voice recordings online from children under 13. The issue arose because, as the FTC noted, voice is beginning to be a “replacement for written words,” especially when conducting searches or instructing digital devices. COPPA requires collecting parental consent before collecting personally identifiable information from children online. The definition of “personal information” under COPPA is broad, and includes audio files. Arguably, then, online operators would need parental consent before children “submitted” audio files, including in the form of conducting verbal searches or giving verbal instructions to their connected device.

The FTC has indicated in the new policy enforcement statement that it will not take action against online operators who do not obtain parental consent when the audio file is used “solely as a replacement of written words” as long as (a) it is used only for that purpose (running search, fulfilling an instruction) and (b) it is held only for a brief period of time. The FTC stressed that no other use can be made of the audio file, including for behavioral advertising, voice identification or sharing with third parties. The operator must still, the FTC indicated, provide COPPA-required notice, including stating in its privacy policy that it is engaging in this use of audio files (and that such files are deleted). The policy does not apply if the operator is asking for information that would otherwise be viewed as personal, such as (in the FTC example), the child’s name.

PUTTING IT INTO PRACTICE: Companies that collect audio files – for example if they operate online platforms that permit users to submit voice instructions – may find this recent FTC statement helpful. Attention should be paid, however, to the limitations of this non-enforcement policy.