CUNA Regulatory Comment Call
January 26, 2005
FTC Proposes to Extend Permanently the Use of E-mail for Obtaining Consents Under the Childrens Online Privacy Protection Act
- The Federal Trade Commission (FTC) proposes to amend the Childrens Online Privacy Protection Act (COPPA) rules to make permanent the temporary provision that allows website operators to obtain parental consent by e-mail when they collect information from children that is used only for internal purposes. An example may be when a credit union collects such information as part of a childs participation in an online activity or game. COPPA governs the online collection of personal information from children under the age of 13. The FTC issued rules in November 1999 to implement COPPA.
- At the time the rules were issued, questions were raised as to whether COPPA applied to credit unions based on language that could be interpreted to exempt nonprofit entities.
- The National Credit Union Administration (NCUA) has reviewed this issue and concluded that COPPA applies to credit unions. NCUA has the enforcement authority for federal credit unions. FTC would have enforcement authority for state-chartered credit unions, but FTC staff has indicated to CUNA in the past that they believe COPPA does not apply to credit unions, although this position could change in the future.
- The rules require the following:
- Notice to parents regarding collection of personal information from children under the age of 13.
- That parents provide consent before the information is collected, used, or disclosed. The rules include certain exceptions to this prior consent requirement.
- The ability for parents to review the information that is collected, used, or disclosed.
- The ability for parents to prevent further use of information that has been collected and further collection of additional information.
- That collection of personal information for a childs participation in a game or activity be limited to information that is reasonably necessary.
- Procedures to protect the confidentiality and security of personal information that is collected.
- Click here for CUNAs Final Rule Analysis for more information about the COPPA rules.
- The provision allowing operators of websites directed at children to use e-mails as a means of obtaining parental consent for the collection of personal information from children is set to expire on April 21, 2005. The FTC intended to amend this provision to include updated methods, based on the cost and availability of current technology that may exist.
- The COPPA provision regarding e-mail consents applies only to personal information that is being collected for internal use, and this method of obtaining consent must also include a means to confirm that consent was received from the parent. Such confirmation may include, for example, the credit union sending a confirmation e-mail to the parent after receiving the consent or confirming the consent by telephone or mail.
- The FTC now proposes to make permanent the use of e-mails for purposes of obtaining these consents because the expected progress in technology has not occurred.
- For personal information that a website operator may share with third parties, COPPA has and will continue to require more secure means of obtaining verifiable consents. Such methods may include forms that are signed by the parent and then mailed or faxed to the website operator, use of toll-free telephone numbers, or use of digital certificates.
- Comments on the proposal are due by February 14, 2005. Please submit your comments to CUNA by February 7, 2005. If you provide comments directly to the FTC, please refer to Sliding Scale 2005, Project No. P054503.
Please feel free to fax your responses to CUNA at 202-638-7052; e-mail them to Senior Vice President and Associate General Counsel Mary Dunn at email@example.com and to Assistant General Counsel Jeff Bloch at firstname.lastname@example.org; or mail them to Mary and Jeff in c/o CUNAs Regulatory Advocacy Department, 601 Pennsylvania Avenue, NW, South Building, Suite 600, Washington, DC 20004-2601. You may also contact us at 800-356-9655, ext. 6732, if you would like a copy of the proposed rule or you may access it here.
QUESTIONS TO CONSIDER REGARDING THE FTCS PROPOSAL
- Are secure electronic mechanisms now widely available to facilitate verifiable parental
consent at a reasonable cost? If not, how would eliminating or extending the e-mail consent
provisions affect the development of such mechanisms?
- What effect would eliminating the e-mail consent provisions have on your information
collection practices? Are these provisions working effectively?
- Should the e-mail consent provisions be made permanent, be eliminated, or be extended for
an additional period of time? Please explain why. If extended, for how long should they be
- Other comments?
Eric Richard General Counsel (202) 508-6742 email@example.com
Mary Mitchell Dunn SVP & Associate General Counsel (202) 508-6736 firstname.lastname@example.org
Jeffrey Bloch Assistant General Counsel (202) 508-6732 email@example.com
Lilly Thomas Assistant General Counsel (202) 508-6733 firstname.lastname@example.org
Catherine Orr Senior Regulatory Counsel (202) 508-6743 email@example.com