FTC Finalizes Major Updates to COPPA
- Katarzyna Celińska
- 10 hours ago
- 2 min read
On April 22, 2025, the Federal Trade Commission (FTC) published the finalized amendments to the Children’s Online Privacy Protection Rule (COPPA), marking the most significant overhaul since 2013. These changes impose stringent new hasztag#compliance obligations on online services that collect, use, or disclose hasztag#personalinformation from children under 13.
Key Updates:
Parental Consent for Third-Party Disclosures:
Operators must obtain separate verifiable parental consent before disclosing a child's personal information to third parties, including for targeted advertising purposes. This consent must be distinct from the consent to collect or use the information.
Enhanced Data Security Requirements:
Operators are now required to establish and maintain a written children's personal information security program that meets COPPA standards. This includes implementing reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.
Data Retention and Deletion Policies:
Personal information collected from children must be retained only as long as necessary to fulfill the specific purpose for which it was collected. Operators must establish, implement, and maintain a written hasztag#dataretention policy that details the business need for retaining children's personal information and sets forth a timeline for deletion.
Expanded Definition of Personal Information:
The definition of "personal information" now includes biometric data and government-issued identifiers, reflecting the evolving nature of data collection practices.
New Methods for Verifiable Parental Consent:
The FTC has approved additional methods for obtaining verifiable parental consent, including knowledge-based authentication questions, facial recognition technology to match an image provided by the parent with a government-issued ID, and "text plus" verification methods.
Transparency in Safe Harbor Programs:
COPPA SafeHarbor programs must publicly disclose their membership lists within 90 days of the Final Rule’s publication and regularly update them. They are also required to report to the FTC the list of operators currently certified under their program and any approved websites or online services.
The Final Rule will take effect 60 days after its publication in the Federal Register.
Author: Sebastian Burgemejster
Yorumlar