Export Compliance Daily is a service of Warren Communications News.
Subscriber Login
July 1

FTC Votes To Keep July COPPA Implementation Date

May 7, 2013 by Kate Tummarello|Top News

They will have had six months to make the changes necessary to comply with the new rule, the agency said. That six-month interval reflects the fact that “the Commission took into account the costs and burdens of complying with the Rule” and it was “analyzing the public comments and adopting the final amendments,” the letter said. Additionally, the six-month period between issuance and implementation of the updated rule mirrors that of the interval between issuance and implementation of the original rule, the commission wrote.

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

Start My Free Preview
The FTC voted 4-0 Monday to retain the scheduled July 1, implementation date of the updated Children’s Online Privacy Protection Act rule. The new rule was released in January and updates the initial rule, which was issued in 1999. Since the updated rule was released, industry members, including the Application Developers Alliance and online advertising trade associations have written to the agency asking it to delay implementation by six months (CD April 24 p9). In the letters, “petitioners have not raised any concrete facts to demonstrate that a delay is necessary,” the agency said in its response to industry members (http://1.usa.gov/YquwDn).

The agency addressed industry concerns about the addition of “persistent identifiers” to the expanded definition of personal information in the updated rule. The inclusion of “persistent identifiers” -- such as IP addresses and mobile device IDs -- was “under consideration at an early stage of the rulemaking process,” the FTC said. Additionally, “the Commission took several steps to reduce the potential burden” created by the rule’s inclusion of “persistent identifier,” the letter said. Under the new rule, operators are not required to gain parental notice and consent “where an operator collects a persistent identifier for the sole purpose of providing support for its internal operations,” the agency said. In addition to expanding the definition of “support for internal operations” twice, the FTC created a process for operators to suggest additional uses that should be included in the definition, the letter said: “Each of these changes ... helps ease compliance by the effective date."

The new rule provides more flexibility for operators by allowing them to gain parental consent for collection through “any means reasonably calculated, in light of available technology,” the agency wrote. That flexibility extends to the rule’s data security and minimization requirements, for which the rule does “not mandate any specific means to achieve those objectives,” the letter said. The agency will continue to provide guidance through its “webinars, the compliance hotline, the business center blog, and the recently revised FAQs,” the letter said.

"It’s unfortunate that the Commission will not give an extension,” Stu Ingis, privacy lawyer with Venable and general counsel to the Interactive Advertising Bureau, told us. The FTC has “created an environment that will ultimately limit children’s offerings online,” which “exceeds their statutory authority,” he said. Companies will have to suspend products until they can implement the changes needed for compliance, he said: “The Commission took significant extra time in releasing their Order given the complexity of the issue. It is unfortunate that they did not provide the same flexibility towards implementation of the rule.”