Careers

Experiences

Industries

Offices

Our Firm

Pages

Our People

Updates

Practices

Warner Norcross + Judd LLP is a corporate law firm with over 230 attorneys serving clients in nine offices throughout Michigan. Among the largest law firms in Michigan, Warner works in virtually all areas of business law.

Michigan Law Firm - Warner Norcross + Judd LLP

After giving the mobile app industry a few years of heartburn over the breadth and ambiguity of its expanded&nbsp;Children’s Online Privacy Protection Act (COPPA) Rule, the Federal Trade Commission has gradually begun to provide some much-needed clarity.

contentpilot/introduction

Earlier this month,&nbsp;the FTC revised three portions of “<a href="http://www.business.ftc.gov/documents/0493-Complying-with-COPPA-Frequently-Asked-Questions#Verifiable%20Parental" target="_blank" rel="noreferrer noopener">Part H</a>” in its online FAQs, which deal with&nbsp;how entities subject to COPPA may obtain verifiable parental consent.

core/paragraph

One of COPPA's key methods of protecting children's privacy is by requiring&nbsp;companies&nbsp;to give notice to parents and obtain verifiable parental consent before collecting personal information. &nbsp;The FTC implements COPPA by means of its "COPPA Rule." When the FTC rewrote this Rule in 2012, it expanded the breadth of activities covered by the Rule without offering much guidance on how to comply with it.

Now, Part H.5 of&nbsp;the FAQ&nbsp;gives more credence to the use of credit card or debit card numbers as a means of verifying parental consent. The Rule already allows these financial numbers to suffice as consent when given in connection with a monetary transaction. But companies wanted the ability to use the numbers for this purpose even when money doesn't change hands. and the FTC listened. Part H.5 now says:

Although collecting a 16-digit credit or debit card number alone would not satisfy this standard, there may be circumstances in which collection of the card number – in conjunction with implementing other safeguards – would suffice.&nbsp; For example, you could supplement the request for credit card information with special questions to which only parents would know the answer and find supplemental ways to contact the parent.

core/quote

So the number alone is not enough, but it can suffice when combined with "other" security protocols that&nbsp;are “reasonably calculated” to ensure that the consent is being provided by the parent.

Another important update comes in FAQ H.10, which clarifies that the app stores selling the app can be the entity that collects the parental consent on the app developer's&nbsp;behalf. The FTC warns developers, however, that they still retain the responsibility for "ensur[ing] that COPPA requirements are being met." To underscore the point, FAQ H.16 &nbsp;has also been amended to clarify that app stores are not liable under COPPA.

How can app developers verify that the app stores are providing them what they need to comply with COPPA? The FTC has a few suggestions:

For example, you must make sure that the third party is obtaining consent in a way that is reasonably calculated, in light of available technology, to ensure that the person providing consent is the child’s parent. The mere entry of an app store account number or password, without other indicia of reliability (e.g., knowledge-based authentication questions or verification of government identification), does not provide sufficient assurance that the person entering the account or password information is the parent, and not the child. You must also provide parents with a direct notice outlining your information collection practices before the parent provides his or her consent."

These updates do not ease COPPA's burden on app developers. But every bit of guidance from the FTC in complying with the Act's often-tricky requirements is welcome.

Augmented Legality

Emerging Media and Technologies

Partner

Brian D. Wassom

Information Technology Transactions

App Developers Get More Guidance for Complying With COPPA

Warner Norcross + Judd LLP is responsible for the contents of our advertising and this website. Please read our full <a href="/privacy-policy/" aria-label="see privacy policy">privacy policy</a> available on our website. If you have any questions or comments about our website or our Privacy Policy please contact us at <a href="mailto:info@wnj.com">info@wnj.com</a> or 616.752.2000. 

App Developers Get More Guidance for Complying With COPPA

professionals