Skip to main content
IAM vs. CIAM CIAM Buyer's Guide Contact Us
Janrain respects your privacy and will treat the personal data you choose to share with us in accordance with our privacy policy.

COPPA Rule Strengthened to Address the Way Kids Connect Online Today

By Lewis Barr | Posted on January 14, 2013

Blog Banner

Lewis Barr, Janrain’s new Vice President of Privacy and Legal, kicks off his first of many articles discussing identity and privacy news and regulations that impact our customers’ business.

kids internet facebook

Back in 1998 when the Children’s Online Privacy Protection Act (COPPA) was enacted — in what some readers may think of as the age of digital dinosaurs — children could watch Barney on TV, but they sure couldn’t pay him a visit on the PBS kids website via their parents’ iPads, or extol his cheeriness on their Facebook pages. Now, of course, they can. With the intent of protecting children online in the ways they use the Internet today, including through mobile devices and social networking sites, the FTC recently updated its COPPA Rule.

COPPA applies to the operators of commercial websites and online services that are directed to children under 13 or that know they are collecting personal information from children under 13.

To address the ways in which children’s information can now be collected, the COPPA Rule expands the types of personal information that can’t be collected without parental notice and consent to include:

  • Geolocation information, photographs, and videos and audio files that contain a child’s image or voice;
  • Any user name that would permit direct contact with a user online, such as an email address, an instant message user identifier, a VOIP identifier, or a video chat; and
  • Persistent identifiers, such as IP addresses and mobile user IDs, if they are used to track children over time and across websites. Where the collection of personal information is used “for the sole purpose of supporting the website or online service’s internal operations, such as contextual advertising,” however, COPAA’s parental notice and consent requirements do not apply.

In another significant change, COPPA liability has been extended to websites and online services directed to children even if they don’t collect personal information for themselves but play host to ad networks and plug-ins like Twitter’s “tweet” button that collect personal information for their own use. In addition, the operators of plug-ins and ad networks with actual knowledge that they are collecting information from websites or online services directed at children will be required to meet the parental notification and consent requirements.

To strengthen the protection of children’s information, the amended COPPA Rule requires operators to keep children’s personal information only so long as necessary to meet the purpose for which it was collected and to make reasonable efforts to release children’s personal information to service providers which are capable of maintaining its security, integrity, and confidentiality and of deleting it securely and assure they will do so.

Although there are other important changes that need to be taken into account, the updated COPPA Rule provisions take effect on July 1, giving covered operators several months to implement any operational and other changes necessary for compliance.

Read the FTC’s lengthy discussion of the recent COPPA Rule changes and the revised rule itself.

Popular Posts

About the author

Lewis Barr

Lewis Barr

General Counsel and VP, Privacy

Lewis manages Janrain's legal compliance and privacy functions as the company continues its international expansion. He brings more than 15 years of leadership in a wide range of legal and privacy-related matters for growing technology companies. Lewis also utilizes his diverse background as a litigator in private practice, federal appeals court staff attorney, and teacher. Prior to Janrain, Lewis was General Counsel and Secretary of Fios, Inc. and before that, he was General Counsel of New Edge Networks (now EarthLink Business). Lewis holds a Juris Doctor degree from the University of Missouri School of Law and a Bachelor's Degree from Georgetown University’s School of Foreign Service. He is also a Certified Information Privacy Professional (CIPP/US).

View all posts by Lewis Barr