Privacy: FTC Finalizes Children’s Online Privacy (COPPA) Amendments

KPMG Regulatory and Advisory Insights

• Privacy Expands: After over a decade, privacy protection rules for children see amendments to reflect changes in the marketplace.
• Collection of Personal Information: Significant changes in the collection of children’s personal information, including biometric identifiers.
• Data Security and Retention: Heightened standards to show ‘reasonable need’ for use/retention and security based on data sensitivity.
• Burden on Providers: The FTC states that the amendments aim to “shift the burden from parents to providers to ensure that digital services are safe and secure for children”.  

 __________________________________________________________________________________________________________________________________________________

The FTC finalized amendments to its rule implementing COPPA generally as proposed (see KPMG Regulatory Alert, here) with some “minor modifications” for clarity and to enhance readability. In a change from the proposal, the FTC did not adopt proposed provisions related to ed tech and the role of schools based on an anticipated student privacy rulemaking from the Department of Education.

As finalized, the rule becomes effective 60 days after publication in the Federal Register with compliance required 365 days following publication, except for certain Safe Harbor provisions that have earlier compliance dates. 

For an overview of the proposed amendments, see this KPMG Regulatory Alert: FTC NPR to Children’s Online Privacy (COPPA).