The Federal Trade Commission (FTC) recently updated its COPPA Compliance Plan for businesses. The Children’s Online Privacy Protection Act (COPPA) protects the privacy of children using websites and online services. Operators of websites and online services that collect personal information from kids under age 13 are covered by the Act. Failure to comply with COPPA can result in civil penalties up to $40,654 per violation. To assist businesses covered under COPPA, the FTC has published a 6-step compliance plan. In response to changing technologies in the marketplace, the FTC recently updated this plan.
6-Step COPPA Compliance Plan
The FTC 6-Step Compliance Plan consists of the following:
- Determine if your company is a website or online service that collects information from kids under 13
- Post a privacy policy that complies with COPPA
- Notify parents directly about your information practices before collecting personal information from their kids
- Get parents’ verifiable consent before collecting personal information from their kids
- Honor parents’ ongoing rights with respect to personal information collected from their kids
- Implement reasonable procedures to protect the security of kids’ personal information
The FTC also provides a useful chart outlining exceptions to the verifiable consent requirement.
Updates to the Compliance Plan
The updated compliance plan clarifies that COPPA does not apply only to websites and mobile apps; it can also apply to internet-connected toys. Similar to products in other areas, children’s toys have become part of the internet of things. Toys such as Cloud Pet and Hello Barbie are capable of connecting to the internet while they are played with by their owners. The FTC compliance plan indicates that COPPA applies to internet-connected toys if those toys collect personal information.
The updated plan also provides two additional methods for obtaining parental consent as required by the Act.
- Asking knowledge-based questions – These questions should be dynamic, multiple-choice questions, with an adequate number of possible answers such that the possibility of guessing the correct answer is low. The questions should also be difficult enough that a child 12 or under could not reasonably ascertain the answers.
- Using facial recognition to get a match with a verified photo ID – This verification method requires that a parent provide a picture of a government-issued identification along with a live-capture of the parent’s face.
These updates respond to changes in the market based on new technology and are an extremely useful guide to businesses that believe they may be subject to COPPA.
If you have any questions concerning COPPA compliance, or any data privacy and security matter, please contact Tim Hayes at McKenna Storer.
This content was originally posted on Tim Hayes’ LinkedIn profile.