The IT Law Wiki
The IT Law Wiki

Overview[]

The Children's Online Privacy Protection Act (COPPA) established a safe harbor for participants in FTC-approved COPPA self-regulatory programs.[1] With the safe harbor provision, Congress intended to encourage industry members and other groups to develop their own COPPA oversight programs, thereby promoting efficiency and flexibility in complying with COPPA’s substantive provisions.[2] COPPA's safe harbor provision also was intended to reward operators’ good faith efforts to comply with COPPA. The Rule therefore provides that operators fully complying with an approved safe harbor program will be "deemed to be in compliance" with the Rule for purposes of enforcement. In lieu of formal enforcement actions, such operators instead are subject first to the safe harbor program’s own review and disciplinary procedures.[3]

Section 312.10 of the Rule sets forth the criteria the FTC uses to approve applications for safe harbor status under COPPA. First, the self-regulatory program must contain guidelines that protect children’s online privacy to the same or greater extent as the Rule and ensure that each potential participant complies with these guidelines.[4] Second, the program must monitor the participant’s practices on an ongoing basis to ensure that the participant continues to comply with both the program’s guidelines and the participant’s own privacy notices.[5] Finally, the safe harbor program must contain effective incentive mechanisms to ensure operators' compliance with program guidelines.[6]

References[]

  1. See 15 U.S.C. §6503.
  2. See 1999 Statement of Basis and Purpose, 64 Fed. Reg. 59888, 59906 (Nov. 3, 1999) (“[T]his section serves as an incentive for industry self-regulation; by allowing flexibility in the development of self-regulatory guidelines, it ensures that the protections afforded children under this Rule are implemented in a manner that takes into account industry specific concerns and technological developments”).
  3. See 16 C.F.R. §312.10(a) and (b)(4).
  4. See id. §312.10(b)(1).
  5. See id. §312.10(b)(2)(i)-(iv).
  6. See id. §312.10(b)(3)(i)-(v). Effective incentives include mandatory public reporting of disciplinary action taken against participants by the safe harbor program; consumer redress; voluntary payments to the U.S. Treasury; referral of violators to the Commission; or any other equally effective incentive. Id.

Source[]

  • FTC, Children’s Online Privacy Protection Rule, __ Fed. Reg. __ (Sept. 15, 2011) (full-text).