6/15/2013
Kid marketers and business executives have been pushing for the Federal Trade Commission to delay its implementation of new guidelines for the Children’s Online Privacy Protection Act (COPPA), saying they are too confusing and vague. A recent survey conducted by the FTC finds 78% of businesses think they should be given additional time to get compliant.
Nonetheless, the FTC acknowledges these guidelines will affect many youth marketers and has been working diligently to help them achieve COPPA compliance by the July 1 deadline.
Still, questions abound, and, during a recent webinar, marketers expressed the most confusion about these issues:
Legacy apps: There are several different guidelines regarding information collected prior to the July 1 implementation. Users will not be forced to install updates, meaning if the older version of Angry Birds wasn’t COPPA-compliant, creators won’t be held responsible that this version, and the information it collects, violates the updated COPPA rules.
As of July 1, privacy policies must be posted on home or landing screens of a child-directed app. Simply posting this information on an app store page or during the purchase receipt is not sufficient.
Am I targeting kids? The FTC determines a target audience by the actual, intended, and likely audience for a website or app, as well as where advertising appears and the presence of child-oriented activities and content. Any site or app that is “primarily directed to children,” which means some, but not all, of its user base is under age 13, should assume all users are under 13 and follow all COPPA guidelines. Age screens—i.e., pages that ask the age of the user before launching—must be done neutrally, which means having the user select a specific year of birth rather than generally asking whether the user is over 18.
Third-party features: With social plug-ins, such as Facebook Share, the child-directed site or app is ultimately responsible for compliance, not Facebook. These operators need to tell third parties whether their site/app is directed to children. With ad networks, such as Google Adsense, contextual ads are allowed without needing parental consent, but behaviorally targeted ads are not acceptable. In other words, kids who visit sports sites are able to view ads from sporting goods chains, but advertisers cannot develop a defined profile that always shows sports-related ads based on this website visit.
Child’s photos: The new law applies if the photo contains a child’s image and is uploaded by the child. However, it does not apply to photos of pets or places, or photos uploaded by teachers or parents. It also does not apply if facial features are blurred or to photos that are stored locally on the child’s device. Importantly, all photo uploads need to consider other data that may be embedded in photos, such as geolocation.
Where are you? Parental consent is required if the geolocation is specific enough to identify street name or name of city. Five-digit ZIP codes are not covered, but nine-digit codes are. A simple opt-in prompt (i.e., don’t allow vs. OK) is not enough to be COPPA-compliant.
Parental consent: An app store account, such as the iTunes password, does not provide reasonable assurance you are dealing with the parent; therefore it is not COPPA-compliant. Schools and teachers are able to provide parental consent in certain circumstances, primarily for online activities.
Source: Federal Trade Commission, Kristin Cohen, FTC Attorney, Member of COPPA Enforcement Team, 600 Pennsylvania Ave., NW, Washington, DC 20580; 202-326-2252; kcohen@ftc.gov; www.ftc.gov.
© 2013 Business Valuation Resources, LLC (BVR). May not be reproduced without written consent of publisher.