November 30, 2022

Volume XII, Number 334


November 29, 2022

Subscribe to Latest Legal News and Analysis

November 28, 2022

Subscribe to Latest Legal News and Analysis

New FTC Guidance on Children’s Online Privacy Protection Act

In May 2017, Senator Mark Warner of Virginia sent a letter to the Federal Trade Commission (FTC) raising concerns about the security of data collected, transmitted, and/or stored by internet-connected products geared toward children. FTC acting Chairman Maureen Ohlhausen sent a response letter discussing Senator Warner’s concerns and the FTC’s enforcement of the Children’s Online Privacy Protection Act (COPPA), and the FTC released updated guidance on COPPA compliance in late June 2017.

COPPA aims to protect children by enforcing certain requirements and prohibitions related to the collection, use, and disclosure of data collected from and about children. The FTC’s rules implementing COPPA cover

  • a notice for the collection, use, and disclosure of information collected from children;

  • related parental consent requirements;

  • the provision of a means for parents to review such information and prevent its further use;

  • the prohibition of conditioning children’s game participation, prize eligibility, or other activities on children disclosing more personal information than is reasonably necessary for such participation; and

  • necessary steps to protect the confidentiality, security, and integrity of such collected information, among other requirements.

Acting Chairman Ohlhausen’s response letter highlighted the FTC’s ability to enter into enforcement proceedings and promulgate rules to update COPPA regulations under the Administrative Procedures Act as a means to meet changes in technology. Updates to the FTC’s guidance on COPPA compliance include the application of COPPA rules to internet-connected devices and new methods for obtaining parental consent.

The full FTC COPPA compliance guidance covers

  • when COPPA applies to a company,

  • privacy policy compliance with COPPA,

  • notification requirements under COPPA,

  • adequate parental consent and certain exceptions,

  • ongoing parental rights related to personal information collected from children, and

  • reasonable security procedures.

It is important to determine whether COPPA applies to your company, and if so, to ensure your business practices comply with COPPA.

Copyright © 2022 by Morgan, Lewis & Bockius LLP. All Rights Reserved.National Law Review, Volume VII, Number 194

About this Author

Michael Pillion, Morgan Lewis, Litigation Attorney

Michael L. Pillion brings more than 30 years of experience navigating high-stakes transactions to his technology, outsourcing, and commercial transactions practice. He has a diverse client base that spans the health insurance, life sciences, energy, financial services, and real estate industries. He counsels clients in structuring, negotiating, realigning, and terminating information technology (IT) outsourcing and business process outsourcing (BPO) transactions, technology transactions including software as a service (SaaS) and cloud deals, complex commercial...

Jessica M. Pelliciotta, Morgan Lewis, technology lawyer

Jessica M. Pelliciotta is part of our outsourcing and strategic commercial transactions team of lawyers, handling critical commercial transactions that enable our clients to run their business operations effectively. The Morgan Lewis team focuses on technology transactions, including licensing, services, and alliance deals that involve emerging technologies such as cloud computing, software as a service (SaaS), and data analytics.