April 19, 2018

April 19, 2018

Subscribe to Latest Legal News and Analysis

April 18, 2018

Subscribe to Latest Legal News and Analysis

April 17, 2018

Subscribe to Latest Legal News and Analysis

New FTC Guidance on Children’s Online Privacy Protection Act

In May 2017, Senator Mark Warner of Virginia sent a letter to the Federal Trade Commission (FTC) raising concerns about the security of data collected, transmitted, and/or stored by internet-connected products geared toward children. FTC acting Chairman Maureen Ohlhausen sent a response letter discussing Senator Warner’s concerns and the FTC’s enforcement of the Children’s Online Privacy Protection Act (COPPA), and the FTC released updated guidance on COPPA compliance in late June 2017.

COPPA aims to protect children by enforcing certain requirements and prohibitions related to the collection, use, and disclosure of data collected from and about children. The FTC’s rules implementing COPPA cover

  • a notice for the collection, use, and disclosure of information collected from children;

  • related parental consent requirements;

  • the provision of a means for parents to review such information and prevent its further use;

  • the prohibition of conditioning children’s game participation, prize eligibility, or other activities on children disclosing more personal information than is reasonably necessary for such participation; and

  • necessary steps to protect the confidentiality, security, and integrity of such collected information, among other requirements.

Acting Chairman Ohlhausen’s response letter highlighted the FTC’s ability to enter into enforcement proceedings and promulgate rules to update COPPA regulations under the Administrative Procedures Act as a means to meet changes in technology. Updates to the FTC’s guidance on COPPA compliance include the application of COPPA rules to internet-connected devices and new methods for obtaining parental consent.

The full FTC COPPA compliance guidance covers

  • when COPPA applies to a company,

  • privacy policy compliance with COPPA,

  • notification requirements under COPPA,

  • adequate parental consent and certain exceptions,

  • ongoing parental rights related to personal information collected from children, and

  • reasonable security procedures.

It is important to determine whether COPPA applies to your company, and if so, to ensure your business practices comply with COPPA.

Copyright © 2018 by Morgan, Lewis & Bockius LLP. All Rights Reserved.


About this Author


Michael L. Pillion is a partner in the Global Outsourcing, Technology, and Commercial Transactions Practice at Morgan Lewis. Mr. Pillion’s practice focuses on information technology and business process outsourcing transactions, as well as commercial and other technology-related transactions, including system implementation, licensing, technology services, strategic alliances, and other agreements in support of sourcing and supply chain operations.

Jessica M. Pelliciotta, Morgan Lewis, Commercial Transactions Attorney, Emerging Technology Lawyer,

Jessica M. Pelliciotta is part of our outsourcing and strategic commercial transactions team of lawyers, handling critical commercial transactions that enable our clients to run their business operations effectively. The Morgan Lewis team focuses on technology transactions, including licensing, services, and alliance deals that involve emerging technologies such as cloud computing, software as a service (SaaS), and data analytics.