Kristin Cohen and Peder Magee of the FTC explain:
Is the Children’s Online Privacy Protection Rule a consideration at your company? We’ve updated our guidance for businesses about complying with COPPA to reflect developments in the marketplace – for example, the introduction of internet-connected toys and other devices for kids. If you need to know when COPPA applies and what to do if it does, our revised Six-Step Compliance Plan for Your Business keeps current with developing technology while still breaking the process down into six manageable steps.
What’s new in the FTC’s updated COPPA Compliance Plan?
- New business models. As technologies evolve, companies have new ways of collecting data, some of which may affect your obligations under COPPA. Just one example: voice-activated devices that collect personal information. If your clients change how they do business, are they keeping up with COPPA?
- New products covered by COPPA. COPPA applies not only to websites and mobile apps. The law also can apply to the growing list of connected devices that make up the Internet of Things. That includes connected toys and other products intended for children that collect personal information, like voice recordings or geolocation data.
- New methods for getting parental consent. Getting parents’ permission before collecting personal information online from kids under 13 has always been a key component of COPPA. The revised Compliance Plan discusses two newly-approved methods for getting parental consent: asking knowledge-based authentication questions and using facial recognition to get a match with a verified photo ID.
h/t, Joe Cadillic