parental consent
Subscribe to parental consent's Posts

In with the New: 2014 Privacy, Advertising and Digital Media Predictions

Data privacy and security made the headlines practically daily in 2013.  Our second annual Privacy and Data Protection 2013 Year in Review topped 65 pages!

What privacy, advertising and digital media trends will make headlines in 2014? Here are predictions from Of Digital Interest’s U.S. editorial team:

User Tracking Law Enforcement in California: “Amendments to the California Online Privacy Protection Act (CalOPPA) took effect on January 1, 2014 that require every website that is available to California residents to disclose how it responds to Do Not Track signals from web browsers and what third party data collection is occurring on the website.  I predict that we will see enforcement activity from the California Attorney General about whether website owners/operators have made disclosures to consumers that not only meet the new CalOPPA requirements but also accurately reflect tracking activities by the website and by third parties.”  – Heather Egan Sussman, Partner

No Kid-ding:  “January 1 marked the six-month anniversary of the effective date of the amended “COPPA Rule,” which requires businesses to have parental consent before personal information is collected from kids under age 13.  Having just approved a parental consent method (in December), I predict that the Federal Trade Commission (FTC) will initiate COPPA enforcement actions related to social media (now that photos and videos are personal information under COPPA) and in mobile apps (now that COPPA covers geo-location data).  Perhaps the FTC will start by investigating the app developers to which the FTC sent letters explaining their new COPPA compliance responsibilities last May.”  – Julia Jacobson, Partner

Safe Harbor Will Stay Safe:  “Last year’s government surveillance accusations made the U.S. Safe Harbor Program a flash point for debate between EU and U.S. data protection regulators.  Nevertheless, very few on either side of the Atlantic believe that companies properly certified under the Safe Harbor Program should disrupt data transfers necessary to meet credible business objectives.   I predict that the rhetoric will continue, but so will the U.S. Safe Harbor Program, albeit perhaps tweaked in response to the European Commission’s recently-issued recommendations to improve the Progam’s effectiveness.   More debate to come in 2014, but, meanwhile, many U.S. companies will continue to view Safe Harbor certification as their preferred approach to E.U. data protection compliance and will continue to implement data protection policies and programs intended to comply with the Safe Harbor Principles.”  – Ann Killilea, Counsel

Cloudy Forecast:  “The year of 2014 is quickly becoming the year of the mega-sized data breach, with the Target and Neiman Marcus incidents leading the way.  Corporate customers have long been aware that cloud offerings present data security concerns, but may not have been as laser-focused on the data breach aspects as they should.  I predict that in 2014, as the cloud service market becomes a commercial fact of life, data breach concerns will dominate how customers select and contract with their cloud service providers, and how they implement their incident response plans by including cloud service providers in their preparations.”  – [...]

Continue Reading




New COPPA Parental Consent Method Approved by FTC

The Federal Trade Commission’s (FTC) amended Children’s Online Privacy Protection Act (COPPA) Rule (16 CFR § 312 et seq.), effective July 1, 2013, allows industry groups and companies to apply for FTC approval of new parental consent methods that aim to provide substantially the same or greater protections for children’s online privacy than the parental consent methods described in COPPA.  COPPA requires parental consent to be “verifiable.”  Thus, the key to establishing a new parental consent verification method under COPPA is to demonstrate that the authentication process is sufficiently reliable to ensure that the person providing consent is the child’s parent.

To date, three companies have applied to the FTC proposing new consent methods.  The first application, filed in June 2013, proposed a social network-based verification method whereby the system would ask a parent’s “friends” on a social network to verify whether the person providing consent is the child’s parent.  The FTC rejected the proposal as lacking sufficient proof of reliability.  The FTC noted that, although the proposed method requires a minimum number of verifiers and a minimum “trust score,” the proposal failed to establish a particular “trust score” or a particular number of verifiers as adequate for authentication purposes.  The FTC viewed the proposed method as involving an emerging technology and requiring further efficacy studies.

Unlike the first application, the other two applications both proposed more conventional knowledge-based authentication (KBA) methods similar to those used by financial institutions and credit bureaus.  According to the FTC, these types of KBA methods, when implemented properly, are sufficiently reliable for identity authentication.

The second application, filed in August 2013, proposed a system that requires a child signing up on a website or mobile app to provide the name and email address of a parent.  The system would send an email notification to the email address provided by the child that contained a link for the parent to grant consent and provide name, address, birthdate and the last four digits of his/her Social Security number (SSN).  Then, the system would verify the parent’s identity by cross-checking the information provided against various consumer databases.  If the parent’s identity cannot be verified by the cross-checking process, the system, as the fallback option, would ask the parent to answer a series of knowledge-based personal questions (previous addresses, phone numbers, etc.).

The third application, filed in October 2013, adopted a similar but more rigorous process than the process described in the second application.  The third proposed method would use the name, address and last four digits of SSN provided by the parent to locate the parent’s “unique data record” from consumer databases and to generate up to six random questions that the parent must correctly answer for verification to be successful.  The parent also would be required to provide a telephone number for the system to call to complete the process.  This third application is open to public comment until late January 2014.

On December 23, 2013, the FTC approved the method described in the second application [...]

Continue Reading




STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021