FTC Issues FAQ Guidance on Updated Children’s Privacy Rules

Kids websites and apps have 10 weeks to implement changes

Four months after the Federal Trade Commission passed sweeping updates to the children's online privacy law, the agency released a key document that websites and mobile apps directed to children will need to consult in order to become compliant by July 1.

The 38-page guidance document has been so long in coming that the FTC was hit with dueling gang letters this week over whether it should delay by six months the implementation date for the updates.

Dependent on the FAQs to finalize compliance strategies, more than 20 organizations across the digital, media and business community (such as the Interactive Advertising Bureau, the Direct Marketing Association, the Association of National Advertisers and the Chamber of Commerce) said they needed more than 10 weeks. A nearly equal number of groups urged the FTC to not delay.

The FAQs provide clarification on several unanswered questions. For example, websites and apps finally got an answer about what to do with information collected from children that prior to the updates wasn't considered personally identifiable, such as photos and videos. For geolocation data, the FTC requires websites and apps to go back and get immediate consent but not for other archived information.

Sites and apps may also have to rework their privacy policies. "There is a message to go back and look at privacy policies; the FTC wants a more streamlined policy that is concise and to the point," said Linda Goldstein, a partner with Manatt, Phelps & Phillips.

Privacy policies must be more prominent and obvious. "The FTC doesn't want it at the bottom of a Web page unless it’s distinguishable. Policies must be on the home or landing page," Goldstein said.

Because websites and apps will now be liable for any data collection performed by third parties, that will also need to be disclosed in the privacy policy.

"It's going to be tough for brands to put this all together," Goldstein said. "It's not unreasonable to ask for more time."

Privacy groups argue that everyone has had plenty of time. "While the FAQs provide helpful guidance for companies covered by Coppa, they do not provide any reason to delay the July 1 effective date. If companies engaging in activities not permitted under the revised rules cannot come into compliance by the effective date, they should simply stop engaging in those activities until they can comply," said Angela Campbell, the director of Georgetown Law's Institute for Public Representation, who represents the Center for Digital Democracy.

The FTC wouldn't comment about whether it was considering pushing back the deadline. "We've received the letters but haven't yet responded," an FTC spokesman said.


Recommended articles