The Federal Trade Commission (FTC) finalized an update to the Children’s Online Privacy Protection Act (COPPA) rule this week. This update, announced by FTC Chair Andrew Ferguson, will go into effect on June 23. The new rule strengthens protections for children’s privacy online, which had been a point of concern during the rule’s long revision process. Privacy advocates had feared that the Trump-appointed FTC Chair might block or amend the rule before it could be officially implemented.
This development ends months of speculation after Ferguson’s critique of some rule aspects, causing uncertainty among privacy advocates. Cobun Zweifel-Keegan, a privacy expert, noted that these changes, especially the delay, created concern over whether the updated rule would be finalized. The publication of the rule in the Federal Register on Monday removes those doubts, ensuring that the new regulations will take effect on the scheduled date. The updated COPPA rule represents a significant federal action in children’s online privacy in decades.
The new rule brings stricter obligations for websites and apps regarding children’s privacy and data security. Websites must now create and monitor information security programs, ensuring risks are assessed annually. The updated rule also imposes rigorous data retention and deletion requirements for children’s personal data, including clear disclosures about how data is collected and shared. Websites and apps must disclose to users which third parties receive children’s data and the purposes of such disclosures.
Although Congress tried to pass a more stringent COPPA 2.0 law last year, it ultimately failed. The proposed law would have required parental approval before collecting or using children’s data. The new FTC rule does not include such a provision, which was seen as a major difference. The attempt to merge COPPA 2.0 with the Kids Online Safety Act (KOSA) resulted in the Kids Online Safety and Privacy Act (KOSPA), which passed the Senate but did not succeed.
Reference:
