Don't say they didn't warn you. The Federal Trade Commission today sent letters to more than 90 businesses, informing them that they could potentially be in violation of the Children's Online Privacy Protection Act when changes to the law go into effect on July 1.
The FTC contacted both domestic and foreign companies making mobile apps that may be directed at children under age 13 about revisions to the privacy rule to "help ensure you are aware of those changes and your compliance responsibilities."
The two-page letter, signed by Maneesha Mithal, associate director of the Division of Privacy and Identity Protection, is quick to note that the FTC has "not yet evaluated your apps or your company's practices." Instead, the letter serves more as a heads-up about new standards for personal information collected from children.
Under the old rule, "personal information" meant things like a child's name, home address, telephone number or social security number. As of July 1, it will also include persistent identifiers, such as cookies, IP addresses and mobile device IDs. In addition, it will include photographs or videos with a child's image, or an audio file that has a child's voice.
The new rule requires all developers of apps that are directed to children under 13 - or that knowingly collect personal information from children under 13 - "to post accurate privacy policies, provide notice, and obtain verifiable parental consent before collecting, using, or disclosing any 'personal information' from children," according to the FTC.
The revised rule, which was finalized by the FTC in December 2012, also covers information collected by third parties, such as advertising networks.
The penalties for violating the act, often referred to as COPPA, can be steep. In February, social networking app Path agreed to pay $800,000 to settle FTC allegations that it wrongly collected personal information from children. And in October, Artist Arena, the operator of fan websites for music stars such as Justin Bieber shelled out $1 million to settle FTC charges that it improperly collected personal information from children without parental consent.
Other prior COPPA penalties include $1 million paid by Sony BMG Music Entertainment in 2008, and $1 million by social networking Web site Xanga.com in 2006.
The FTC urged letter recipients "to review your apps, your policies, and your procedures for compliance."
The agency also hinted that it will give credit to companies just for making an effort. "As with all our enforcement activities, the Commission will exercise its prosecutorial discretion in enforcing the COPPA Rule, particularly with respect to small businesses that have attempted to comply with the Rule in good faith in the early months after the Rule becomes effective," the letter stated.