Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: COPPA

Posted in Consumer Privacy

Department of Education Issues “Model Terms of Service” and Other Guidance on Student Privacy Compliance

On February 26, the U.S. Department of Education issued guidance aimed at assisting schools and school districts when considering whether the use of online educational services and mobile applications complies with student privacy laws. The guidance consisted of two main components. First, the Department published a document entitled Protecting Student Privacy While Using Online Educational Services: Model Terms of Service, which evaluates common privacy-related provisions in online Terms of Service and analyzes how they comply with student privacy requirements. Second, the Department produced a user-friendly, 10-minute training video directed to K-12 administrators, teachers, and staff about schools’ privacy obligations when using online educational services and applications. Finally, the guidance encourages school administrators to check the Student Privacy Pledge when considering whether to use online educational services in the classroom.

Posted in Consumer Privacy

Privacy in the Machine World

In 2014, the Internet of Things and big data were two of the hottest buzz words among privacy professionals. This year, “robotics” may be one of our oft-spoken words. In this post, we look at two of the challenges that robotics brings. One challenge facing privacy professionals is how to address potential privacy issues as autonomous robots powered by big data and network connectivity are brought into our personal spaces. Another, often equally challenging issue, is how to implement robotics in a legal and regulatory landscape that was designed, in many cases, for the relatively slow-paced technologies of the Internet where the chirps of dial-up modems broadcast our connections.

Posted in Consumer Privacy

FTC Denies Proposed Verifiable Consent Method Under COPPA

The FTC denied AgeCheq’s application for approval of a proposed verifiable parental consent (VPC) method under COPPA. Under COPPA, operators of online services that are directed to children are required, except for limited situations, to obtain VPC prior to collecting personal information from children. Specifically, COPPA requires operators to obtain verifiable parental consent, taking into consideration available technology and any method must be reasonable calculated in light of available technology, to ensure that the person providing consent is the child’s parent. COPPA further provides a non-exhaustive list of acceptable methods that include (i) obtaining a form signed by a parent; (ii) receiving a credit/debit card or certain other online payment mechanisms if associated with a monetary transaction; (iii) a parent calling a toll-free number; (iv) parental consent by videoconference; (v) verifying parental identity against a form of government-issued identification; and (vi) traditional “email plus” where children’s personal information will be used for internal purposes only.

Posted in Consumer Privacy

FTC Approves New Method for Obtaining COPPA Verifiable Parental Consent

The Federal Trade Commission (FTC) recently approved appropriately implemented “knowledge-based authentication” as a method for obtaining verifiable parental consent (VPC) under the Children’s Online Protection Act (COPPA). To be “appropriately implemented,” operators should assess whether any knowledge-based authentication technology:
•Generates “dynamic, multiple choice questions”;
•Asks “a reasonable number of questions with an adequate number of possible answers” to ensure that “the probability of correctly guessing the answer is low”; and
•Uses “questions of sufficient difficulty that a child age 12 or under in the parent’s household could not reasonably ascertain the answers.”

The FTC’s action provides online operators some welcome flexibility in implementing COPPA-compliant VPC strategies and demonstrates that the FTC will give serious consideration to VPC proposals.

Posted in Consumer Privacy

FTC Votes to Retain July 1, 2013 COPPA Rule Compliance Date

Less than two weeks after providing additional guidance on the recent changes to the Children’s Online Privacy Protection Act (“COPPA”) Rule, in the form of updated Frequently Asked Questions, the Federal Trade Commission (“FTC”) voted unanimously to retain the July 1, 2013 effective date for the changes to the COPPA Rule.

Posted in Consumer Privacy

The FTC Revised COPPA Rule: Reflections After a Night to Sleep on It

Yesterday saw dozens of instant summaries of the Federal Trade Commission’s long- awaited revision to the Children’s Online Privacy Protection Act (COPPA) Rule, which becomes effective on July 1, 2013.  We took a night “to sleep on it,” in order provide not just a summary, but some focused comments about the impact of yesterday’s rule […]

Posted in Consumer Privacy

Video Interview on Proposed Changes to COPPA Rule with Eric Bukstein

Eric Bukstein, who is in the Privacy and Information Management Practice at Hogan Lovells recenly gave a video interview to Colin O’Keefe of LXBN (Lexblog Network) TV to discuss the FTC’s supplemental proposed changes to the COPPA Rule. The video can be viewed in this blog entry.

Posted in Consumer Privacy

FTC Issues COPPA Supplemental Notice Amending Previously Proposed Rule

On August 1, the Federal Trade Commission (“FTC”) issued a supplemental notice of proposed rulemaking which proposes several changes to its previously released proposed Children’s Online Privacy Protection Act (“COPPA”) rulemaking. COPPA and the FTC’s COPPA Rule regulate the collection of personal information online from children under the age of thirteen. On September 15, 2012, the FTC released proposed revisions to the COPPA Rule, which contemplated several major changes to the existing COPPA regime.

Posted in Consumer Privacy

FTC Announces First Flash Cookie Enforcement and Settlement with Child Social Network

The Federal Trade Commission yesterday announced settlements with two online companies for deceptively collecting personal information from consumers, including its first enforcement action against the use of “Flash cookies” and an enforcement action against a social network that collected children’s information without parental consent. As a result, businesses whose websites (or vendors) utilize Flash cookies, HTML5, or ETags to track user browsing should reexamine their privacy disclosures.

Posted in Consumer Privacy

FTC Proposes Significant Changes to COPPA Rule

The FTC has released proposed revisions to the Children’s Online Privacy Protection Act (“COPPA”) Regulation. These proposed regulatory changes may create significant compliance challenges for companies that maintain websites or other online services directed at children under the age of thirteen.

Posted in Cybersecurity & Data Breaches

Cloud Computing for Regulated Industries: Security Requirements Differ

Data stored in the cloud will be subject to numerous data security laws, explains Hogan Lovells partner Phil Porter in a recent article. Specific types of data will trigger different security regulations, ranging from HIPAA rules for health data, to Gramm-Leach-Bliley Act rules for financial service data, to COPPA for data about children. Data hosted in the cloud in the U.S. might also subject the data to U.S. national security rules, including USA Patriot Act. Cloud service providers and customers need to tailor their contractual provisions to match these regulatory imperatives.

Posted in Consumer Privacy

FTC Announces COPPA Enforcement Action

On October 20, 2009, the FTC announced a settlement with Iconix Brand Group, Inc., pursuant to which Iconix will pay a $250,000 penalty to settle the FTC’s charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the COPPA Rule by knowingly collecting, using, and disclosing personal information from children online without first […]