So, what should kids' apps developers do to comply with the new COPPA rules?
1. Educate yourself. Developers should start by reading the FTC Q&A. Also, read this letter sent by the FTC to certain apps developers in May of this year regarding the use of persistent identifiers in the apps and this letter regarding the use of photos, videos and sound recordings of children. Last but not least, read Scott Weiner's notes from the webinar on COPPA compliance which are a great resource for learning about the new rules.
2. Understand the new expanded definition of "personal information". Note in particular that as of July 1, the definition of "personal information" will include persistent identifiers, such as cookies, IP addresses and mobile device IDs, that can recognize users over time and across different websites or online services, as well as kids' videos, photographs and voice recordings.
3. Adopt a privacy policy and make it easily seen and accessible to parents on the app’s store page so that parents can access it prior to purchasing the app.
4. Determine whether the COPPA rules apply to you. This depends on whether you collect children's personal information that you share with third parties. If in doubt, assume that the rules apply.
5. Give notice and get verifiable parental consent before collecting personal information on your applications that you share with third parties. The good news is that no consent is needed if you collect personal information for internal purposes such as maintaining or analyzing the functioning of the application, performing network communications, authenticating users of the app, serving contextual advertising, or conducting other specific activities defined as “support for internal operations”.
6. Take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential.
7. Learn, understand and implement the new data retention and deletion requirements.
Although time is running out, thankfully there are multiple resources available to the apps developers to help them comply with the new COPPA rules. Remember: if your app is not in compliance by July 1st, it does not mean that you have to pull the app from the market. Simply stop collecting and sharing any children's personal information until you are 100% certain that you are in full compliance with the rule.
This article is not a legal advice, and was written for general informational purposes only. If you have questions or comments about the article or are interested in learning more about this topic, feel free to contact its author, Arina Shulga. Ms. Shulga is the founder of Shulga Law Firm, P.C., a New York-based boutique law firm specializing in advising individual and corporate clients on aspects of business, corporate, securities, and intellectual property law.
2. Understand the new expanded definition of "personal information". Note in particular that as of July 1, the definition of "personal information" will include persistent identifiers, such as cookies, IP addresses and mobile device IDs, that can recognize users over time and across different websites or online services, as well as kids' videos, photographs and voice recordings.
3. Adopt a privacy policy and make it easily seen and accessible to parents on the app’s store page so that parents can access it prior to purchasing the app.
4. Determine whether the COPPA rules apply to you. This depends on whether you collect children's personal information that you share with third parties. If in doubt, assume that the rules apply.
5. Give notice and get verifiable parental consent before collecting personal information on your applications that you share with third parties. The good news is that no consent is needed if you collect personal information for internal purposes such as maintaining or analyzing the functioning of the application, performing network communications, authenticating users of the app, serving contextual advertising, or conducting other specific activities defined as “support for internal operations”.
6. Take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential.
7. Learn, understand and implement the new data retention and deletion requirements.
Although time is running out, thankfully there are multiple resources available to the apps developers to help them comply with the new COPPA rules. Remember: if your app is not in compliance by July 1st, it does not mean that you have to pull the app from the market. Simply stop collecting and sharing any children's personal information until you are 100% certain that you are in full compliance with the rule.
This article is not a legal advice, and was written for general informational purposes only. If you have questions or comments about the article or are interested in learning more about this topic, feel free to contact its author, Arina Shulga. Ms. Shulga is the founder of Shulga Law Firm, P.C., a New York-based boutique law firm specializing in advising individual and corporate clients on aspects of business, corporate, securities, and intellectual property law.
No comments:
Post a Comment