ZwillGen: The FTC Final Amendments to COPPA Ruling

Published by ZwillGen
The FTC Final Amendments to COPPA Rule

This alert provides a detailed analysis and discusses the key changes to the Rules and how they will impact a range of websites and services.

These new Rules will go into effect on July 1, 2013

We outline the broad & significant changes

The PDF is FREE to view & download

Published by: ZwillGen on Apr 03, 2013
The FTC Final Amendments to COPPA Rule

On December 19, 2012, the FTC released its final amendments to the Children’s Online Privacy Protection Act (“COPPA”). With a few exceptions, the final Rules largely track the changes that the FTC proposed in its Notice of Proposed Rulemaking (“NPRM”) released in September 2011, and Supplemental Notice of Proposed Rulemaking (“SNPRM”) released in August 2012. We provided an initial summary of the amendments when they were released. This alert provides a more detailed analysis and discusses the key changes to the Rules and how they will impact a range of websites and services. These new Rules will go into effect on July 1, 2013.

All Child-Directed Sites and Services Have Strict Liability for Third Parties Collecting Information on their Sites.

One of the most significant changes the FTC made is to impose a strict liability standard on child-directed operators that allow third parties (such as plug-ins and ad networks) to collect personal information through their services. Thus, under the new rules, a child-directed website or service that allows a third-party plug-in or an advertising network to collect children’s personal information (including unique identifier) is obligated to provide notice to parents and obtain consent before the child’s information is collected. This requirement applies even if the child’s personal information only is being collected by the third party plug-in or ad network. It also applies to general audience sites that allow third parties to collect personal information from specific users when the sites have actual knowledge that such users are children.

According to the FTC, the child-directed site operator is the entity in the best position to provide parental notice and obtain consent. Thus, imputing strict liability on these operators for the actions of third parties is justified because child-directed sites often benefit from third-party services that provide enhanced site functionality and content, greater publicity, and compensation to site owners. This change is likely to have a significant impact on child-directed sites and services seeking to monetize through behavioral advertising, given that such services will now need to provide notice and obtain consent prior to allowing third-party behavioral, tracking networks to operate on their services. (The Rules exempt “contextual” advertising that only accounts for what site or page an ad appears on.) The notice and consent requirements are burdensome, and many operators have previously avoided such requirements by not directly collecting children’s personal information and only allowing third-party networks to collect unique identifiers and not personal information. We believe the ultimate result of this change will be that many child-directed services will sever their relationships with third-party behavioral ad networks and plug-ins to avoid this new strict liability standard.

Some operators may challenge this rule change. In voting against the COPPA amendments, FTC Commissioner Ohlhausen provided a potential roadmap for such a challenge. Ohlhausen believes that extending COPPA obligations to entities that do not collect personal information from children or have access to or control of such information collected by a third party is not consistent with COPPA’s definition of “operator”: the COPPA statute itself covers only entities “on whose behalf such information is collected and maintained.” Thus, Ohlhausen does “not believe that the fact that a child-directed site or online service receives any kind of benefit from using a plug-in is equivalent to the collection of personal information by the third-party plug-in on behalf of the child-directed site or online service.”

It is also arguable that holding site operators liable for the actions of third parties is not consistent with the Communications Decency Act, which provides broad immunities to a variety of online service providers for conduct by third parties that occurs on or through websites and other online properties.
The Deinition o “Personal Inormation” hasbeen Broadened to Apply to Data that ManyProviders Currently Collect Without SeekingNotice and Consent.
The FTC has expanded the defnition o “personalinormation” in ways that are likely to have a signifcantimpact on how child-directed sites currently operate. Isites continue to collect such inormation (outside oexceptions or “internal operations”), they will be requiredto comply with COPPA.

Persistent Identifiers. While the existing definition covers persistent identifiers associated with individually identifiable information, the new Rule includes other persistent identifiers – notably, unique IDs in cookies, IP addresses, and process or device serial numbers that can “recognize a user over time and across different sites or online services.” “Different websites” captures affiliated sites where the affiliate relationship is not clear to the user. Under the revised Rules, absent parental notice and consent, operators may not gather persistent identifiers to behaviorally target ads to a specific child, nor may they use them to amass a profile on an individual child user based on the collection of such identifiers over time and across different sites.

The FTC has, however, created a separate exception to the Rule’s notice and consent requirements for identifiers used solely for providing support for the internal operations of a site or service. This includes activities “necessary” (loosely speaking) to:

1. maintain or analyze the functioning of the site or service;
2. perform network communications;
3. authenticate users or personalize site content;
4. serve contextual advertising on the site or cap the frequency of advertising;
5. protect the security or integrity of the user, site, or service; or
6. fulfill a request of a child as otherwise provided in the Rule.

The new Rule also applies to third parties collecting persistent identifiers on a site or service. However, entities that collect persistent identifiers, and no other personal information, from users who affirmatively interact with the entity and whose previous registration with such entity indicates that they are over the age of 12, are not subject to COPPA. Thus, third-party plug-ins that collect a persistent identifier from an individual who affirmatively downloads the plug-in on another site and that know from previous dealings with the individual that he/she is over the age

