August 11, 2020

Volume X, Number 224

August 11, 2020

Subscribe to Latest Legal News and Analysis

August 10, 2020

Subscribe to Latest Legal News and Analysis

FTC Gives COPPA Guidance on Voice Recordings

The FTC announced that it has given guidance on when the Children’s Online Privacy Protection Act (COPPA) requires collection of parental consent before collecting voice recordings online from children under 13. The issue arose because, as the FTC noted, voice is beginning to be a “replacement for written words,” especially when conducting searches or instructing digital devices. COPPA requires collecting parental consent before collecting personally identifiable information from children online. The definition of “personal information” under COPPA is broad, and includes audio files. Arguably, then, online operators would need parental consent before children “submitted” audio files, including in the form of conducting verbal searches or giving verbal instructions to their connected device.

The FTC has indicated in the new policy enforcement statement that it will not take action against online operators who do not obtain parental consent when the audio file is used “solely as a replacement of written words” as long as (a) it is used only for that purpose (running search, fulfilling an instruction) and (b) it is held only for a brief period of time. The FTC stressed that no other use can be made of the audio file, including for behavioral advertising, voice identification or sharing with third parties. The operator must still, the FTC indicated, provide COPPA-required notice, including stating in its privacy policy that it is engaging in this use of audio files (and that such files are deleted). The policy does not apply if the operator is asking for information that would otherwise be viewed as personal, such as (in the FTC example), the child’s name.

PUTTING IT INTO PRACTICE: Companies that collect audio files – for example if they operate online platforms that permit users to submit voice instructions – may find this recent FTC statement helpful. Attention should be paid, however, to the limitations of this non-enforcement policy.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume VII, Number 297


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...