Website Policies 2.0
Wednesday, January 11th, 2017
By Natalya L. Rose
Why do you need to think about website policies again?
One good reason is the Children’s Online Privacy Protection Act (COPPA). The Federal Trade Commission (FTC) had done an excellent job of making the business community aware of COPPA. Unfortunately, the FTC has been less successful in getting recognition of the amendments to the COPPA Rule that became effective over three years ago. One of the changes under the Revised COPPA Rule is a different and much broader definition of personal information. This definition now captures not only the traditional types of personal data, such as name, telephone number, address, Social Security Number and online contact information, but also photo, video and audio files that contain a child’s image or voice, as well as user names, geolocation information, and persistent identifiers. Other definitions and exceptions within the Revised COPPA Rule clarify how personal information of children under the age of 13 may be collected, used and disclosed. The FTC makes several resources available to help businesses comply with the new rules, including the regularly revised guide titled Complying with COPPA: Frequently Asked Questions, all accessible at www.ftc.gov/tips-advice.
Compliance with the California Online Privacy Protection Act (CalOPPA) is also a must. CalOPPA’s requirements are first and foremost about disclosure and transparency – and making sure that you do what you say you do. These requirements apply to any person or entity operating a website or another online service (such as a mobile app) that collects personally identifiable information of California residents; the law’s restrictions and obligations are not limited by the consumer’s age. After first coming into effect nearly thirteen years ago, CalOPPA began to garner serious attention only within the last few years, thanks to the educational efforts of the California Attorney General, her warning letters to the app developers, and a lawsuit against Delta Airlines. In the meantime, CalOPPA’s “do not track” disclosure requirements became law. CalOPPA is once again a hot topic, this time because of the brand-new Complaint Form, allowing public reporting of potential violations. See for yourself at www.oag.ca.gov/privacy/caloppa/complaint-form.
California additionally has its own take on protecting the online privacy of minors. The law, titled Privacy Rights for California Minors in the Digital World, has been in effect for nearly two years, but is yet to enjoy widespread compliance. The main features of the law are a restriction on the marketing of certain products and services to minors, and a requirement that any registered user of a website, online services, or an online or mobile app, who is under the age of 18, be allowed to remove or to have removed all posted content or information. The removal obligation comes with a number of notice and disclosure requirements, and with a few exceptions, including the option to anonymize the minor’s content or information, instead of removing it.
Another reason is the ADA – yes, the Americans with Disabilities Act. You must ensure that your website (or app) is accessible. We do not yet have website accessibility rules for public accommodations: the Department of Justice (DOJ) had published an Advance Notice of Proposed Rulemaking in 2010, but the next step for public accommodations – that’s your website – is not expected until 2018. In the meantime, the DOJ and multiple courts have made it clear that websites are places of public accommodation and, as such, are subject to the ADA’s accessibility requirements. The claims against website operators under the ADA have reached enough momentum to become a major news story: just earlier this month, Wall Street Journal wrote about the more than 240 lawsuits brought on behalf of the blind. Before your website is added to that number or, more likely, receives a demand letter, educate yourself about website accessibility at www.w3.org, and work with your digital team to make your website accessible.
November 14, 2016 | First published in MusicRow