New technologies enable marketers to collect and analyze more — and more specific— data than ever before. Marketers can track consumers across the internet and mobile applications, and can deliver advertising based on consumers’ interests inferred from the collected data. In theory, consumer tracking enables marketers to present advertising to consumers who are predisposed to a specific product or service, producing a higher purchase rate and transaction price, and a greater return on investment in marketing activities.
While these new technologies make advertising and marketing more targeted and efficient, they also present new challenges for marketers. Although a majority of consumers understand the “pay with data” model through which websites, mobile applications and other digital services are made available at no cost, they do not want advertisers to track them or to aggregate the tracking data into so-called “big data” databases. Consequently, consumer digital privacy has been the subject of many recent news articles – from lawsuits filed by consumers against email service providers and social media platforms for undisclosed data mining to senatorial requests to data brokers for transparency.
In this four-part series, we will highlight of some recent developments in consumer data privacy law and suggested steps for marketers on how to address them.
Children’s Online Privacy Protection Act Amendments
The Children’s Online Privacy Protection Act (COPPA) is a federal statute enacted in 1998 that requires operators of commercial digital services to provide parental notification and obtain verifiable parental consent prior to collecting personal information from children under 13. To implement COPPA, the Federal Trade Commission (FTC) issued a set of regulations known as the Children’s Online Privacy Protection Rule (COPPA Rule). On December 19, 2012, the FTC released amendments to the COPPA Rule which became effective July 1, 2013.
The amended COPPA Rule enhances online privacy protection for children and makes digital services’ operators more accountable for data collection activities involving children under age 13. Notable for marketers is a new liability standard for third-party service providers. Specifically, effective July 1, 2013:
- The operator of “children-directed” (i.e., intended for children under age 13) online or mobile websites and services is strictly liable for actions of independent third parties – including social media plug-ins – on/through its website and mobile services if the third party is acting as its agent or service provider or if the operator benefits by allowing the third party information collection; and
- A software plug-in, ad network or similar party that collects information on or through a third-party’s online or mobile website or service now is liable under COPPA if that party has actual knowledge it is collecting personal information on a children-directed platform.
The amended COPPA Rule makes several other key changes to the original COPPA Rule, including:
- An expanded definition of personal information to include geo-location information, a child’s photo or audio or video file, screen or user names, and persistent identifiers, such as information held in a cookie, an IP address, a mobile device [...]