October 18, 2018

October 18, 2018

Subscribe to Latest Legal News and Analysis

October 17, 2018

Subscribe to Latest Legal News and Analysis

October 16, 2018

Subscribe to Latest Legal News and Analysis

FTC Releases Guidance on Voice Recordings Under COPPA

The Federal Trade Commission (FTC) has been an active gatekeeper when it comes to children's privacy. Since 2000, the Commission has brought more than two dozen complaints against online operators under the Children's Online Privacy Protection Rule (COPPA Rule), which requires that "verifiable parental consent" be obtained by "covered operators" before they can collect any personal information from a child.

In 2013, the FTC amended the COPPA Rule, adding video, audio, and images to its definition of "personal information." However, the amended Rule triggered questions about "whether the practice of collecting audio files that contain a child's voice, immediately converting the audio to text, and deleting the file containing the voice recording triggers COPPA's requirements."

 Increasingly, voice is replacing written words in online searches or when individuals -including children - give commands to connected devices or apps. Recognizing this, the FTC released a new policy enforcement statement that makes clear the Commission "will not take action against an operator for not obtaining parental consent before collecting the audio file with a child's voice when it is collected solely as a replacement of written words, such as to perform a search or to fulfill a verbal instruction or request - as long as it is held for a brief time and only for that purpose."

Thus, while the collection of voice data constitutes "collection" of personal information from a child under the COPPA Rule, and is not otherwise subject to an express exception to COPPA's parental consent requirement, the FTC's enforcement policy guidance provides a welcome dose of common sense. The FTC will exercise enforcement discretion when operators of websites and services collect personal information from children in specific, limited circumstances. The policy covers only those situations where "the audio file is used 'solely as a replacement of written words'" and "(a) it is used only for that purpose (running a search, fulfilling an instruction) and (b) it is held only for a brief period of time." It will not apply if the operator or manufacturer requests "information that would otherwise be viewed as personal, such as the child's name." Covered operators must also make clear in their privacy policies how they will collect, store and delete audio files.

The FTC's new guidance is a good example of how to take a commonsense approach to the real-world implications of COPPA's parental consent requirement. The temporary nature of the voice-command technology relied on by many operators convinced FTC of the wisdom of using enforcement discretion to create a narrow exception to strict reliance on pre-collection verifiable parental consent. Furthermore, the FTC guidance demonstrates that where children's personal information is not at risk, regulators can agree to minimize the burden on both operators and parents while making IoT products available to children in a privacy-safe way. 

© 2018 Keller and Heckman LLP


About this Author

Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer

Tracy Marshall joined Keller and Heckman in 2002. She assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.


Sheila Millar, Keller Heckman, advertising lawyer, privacy attorney

Sheila A. Millar counsels corporate and association clients on advertising, privacy, product safety, and other public policy and regulatory compliance issues.

Ms. Millar advises clients on an array of advertising and marketing issues.  She represents clients in legislative, rulemaking and self-regulatory actions, advises on claims, and assists in developing and evaluating substantiation for claims. She also has extensive experience in privacy, data security and cybersecurity matters.  She helps clients develop website and app privacy policies, data security and access procedures, manage trans-border data flows, respond to data breaches and create training programs. She assists clients on digital media issues, helping them develop social media, blogging and user-generated content policies, and to understand advertising technology and online behavioral advertising issues.  Ms. Millar also works with clients to navigate the array of federal and state requirements governing contests and sweepstakes, and advises on gift cards, coupons and rebates.  She represents clients on advertising and privacy matters before the Federal Trade Commission (FTC), the Children’s Advertising Review Unit (CARU), the National Advertising Division (NAD), as well as in connection with investigations by state regulatory bodies and Attorneys General.