FTC begins COPPA warning mail-blast as child app rules approach

The Federal Trade Commission has begun warning app developers that they must bring their software in-line with the upcoming Children's Online Privacy Protection Rule, firing out letters highlighting new expectations for titles that can include multimedia of underage users. Over ninety letters have been sent, to both US and foreign developers, the FTC said this week, notifying them that if their apps can capture photos, videos, or audio of children, the amended COPPA may well affect them.

The new version of COPPA comes into effect on July 1, and impacts apps and services which could be used by those under 13. If the app has some sort of "persistent identifier" which is used to recognize that user, it will likely need to modify its privacy and permissions policies. Notably, that identifier need not be a username or involve active registration: a cookie or device ID will count as well.

"Companies whose apps collect, store or transmit this information, as well as other personal information previously covered by the rule like a child's name or address, must get parents' consent before collecting the information. In addition, companies must also ensure that any third party receiving the information can keep it secure and confidential, as well as abiding by new rules affecting how the information is stored and retained" FTC

Four different versions of the notification letter have been prepared, depending on whether the recipient is a domestic US or foreign firm, and the nature of the data collection. For domestic companies, there's an images/sounds version [pdf link] and a persistent identifiers version [pdf link]; the same counterparts for foreign apps collecting images/sounds [pdf link] of children in the US, or assigning them identifiers [pdf link].

Actually receiving a letter doesn't mean that the FTC has actively evaluated a company and found it wanting in terms of COPPA compliance, the Commission is keen to point out. Instead, they're intended to prompt a "COPPA check-up" ahead of the new rules coming into effect.

The changes to COPPA were announced back in December, as a way to bring the Act up to speed with the changing nature of applications and the user-data they collect. Among the tweaks are a new requirement that developers not only be responsible for a compliant privacy policy that covers their own data collection, but of any data that's collected by third-party services – such as ad networks – that are incorporated into the software.

The list of companies which have received the letters has not been revealed, though ustwo – developer of randomized photo-sharing app Rando – took to Twitter to confirm that it had been couriered one. There's more on COPPA compliance at the FTC; violating the rule can result in civil penalties of up to $16,000 per violation.

VIA ustwo