Iowa Intellectual Property Blog
Marketing On-Line to Children Just Got Stricter
Jun. 24, 2013 – Janet E. Phipps Burkhead, Iowa Intellectual Property Blog
To determine whether a web site is directed to children, the FTC considers several factors, including:
• The subject matter
• Visual or audio content;
• The age of models on the site;
• Whether the advertising on the site is directed to children;
• Information regarding the age of the actual or intended audience; and
• Whether a site uses animated characters or other child-oriented features.
To determine whether an entity is an “operator” with respect to information collected on a site, the FTC will consider:
• Who owns and controls the information;
• Who pays for the collection and maintenance of the information;
• What the pre-existing contractual relationships are in connection with the information; and
• What role the website plays in collecting or maintaining the information.
In December 2012, the FTC recommended several changes to COPPA which take effective July 1, 2013.
These amendments include:
• Covering data collection by plug-ins, software downloads, or advertising networks integrated into websites (this closed a loophole for third parties);
• Requiring parental consent to include persistent identifiers (e.g., IP addresses, mobile devices) used for behavioral advertising and other tracking across web sites;
• Allowing persistent identifiers to be used without parental consent if the use is limited to supporting their own operations and not as a marketing tool;
• Treating geo-location information and any photo, video or audio file that includes a child’s image or voice as personal information;
• Allowing child-directed sites and services to differentiate among users by age-screening, and to provide notice and obtain parental consent only for those self-identifying as under 13;
• Streamlining the notice requirements to ensure information about data collection and use practices is presented to parents in a succinct “just-in-time” notice;
• Requiring “reasonable steps” to ensure any release of a child’s personal information is made only to service providers and third parties capable of maintaining its confidentiality, security, and integrity; and
• Regulating data retention and deletion.
Penalties are steep for violators – up to $16,000 per violation. There has been some indication that small companies who make a good faith effort to comply may be given a grace period; however that remains to be seen.
Industry Categories: Multimedia Publishing
Practice Area Categories: Intellectual Property Law