CUNA Regulatory Comment Call


January 26, 2005

FTC Proposes to Extend Permanently the Use of E-mail for Obtaining Consents Under the Children’s Online Privacy Protection Act

  • The Federal Trade Commission (FTC) proposes to amend the Children’s Online Privacy Protection Act (COPPA) rules to make permanent the temporary provision that allows website operators to obtain parental consent by e-mail when they collect information from children that is used only for internal purposes. An example may be when a credit union collects such information as part of a child’s participation in an online activity or game. COPPA governs the online collection of personal information from children under the age of 13. The FTC issued rules in November 1999 to implement COPPA.

  • At the time the rules were issued, questions were raised as to whether COPPA applied to credit unions based on language that could be interpreted to exempt nonprofit entities.

  • The National Credit Union Administration (NCUA) has reviewed this issue and concluded that COPPA applies to credit unions. NCUA has the enforcement authority for federal credit unions. FTC would have enforcement authority for state-chartered credit unions, but FTC staff has indicated to CUNA in the past that they believe COPPA does not apply to credit unions, although this position could change in the future.

  • The rules require the following:
    • Notice to parents regarding collection of personal information from children under the age of 13.
    • That parents provide consent before the information is collected, used, or disclosed. The rules include certain exceptions to this prior consent requirement.
    • The ability for parents to review the information that is collected, used, or disclosed.
    • The ability for parents to prevent further use of information that has been collected and further collection of additional information.
    • That collection of personal information for a child’s participation in a game or activity be limited to information that is reasonably necessary.
    • Procedures to protect the confidentiality and security of personal information that is collected.

  • Click here for CUNA’s Final Rule Analysis for more information about the COPPA rules.

  • The provision allowing operators of websites directed at children to use e-mails as a means of obtaining parental consent for the collection of personal information from children is set to expire on April 21, 2005. The FTC intended to amend this provision to include updated methods, based on the cost and availability of current technology that may exist.

  • The COPPA provision regarding e-mail consents applies only to personal information that is being collected for internal use, and this method of obtaining consent must also include a means to confirm that consent was received from the parent. Such confirmation may include, for example, the credit union sending a confirmation e-mail to the parent after receiving the consent or confirming the consent by telephone or mail.

  • The FTC now proposes to make permanent the use of e-mails for purposes of obtaining these consents because the expected progress in technology has not occurred.

  • For personal information that a website operator may share with third parties, COPPA has and will continue to require more secure means of obtaining verifiable consents. Such methods may include forms that are signed by the parent and then mailed or faxed to the website operator, use of toll-free telephone numbers, or use of digital certificates.

  • Comments on the proposal are due by February 14, 2005. Please submit your comments to CUNA by February 7, 2005. If you provide comments directly to the FTC, please refer to “Sliding Scale 2005, Project No. P054503.”

Please feel free to fax your responses to CUNA at 202-638-7052; e-mail them to Senior Vice President and Associate General Counsel Mary Dunn at mdunn@cuna.coop and to Assistant General Counsel Jeff Bloch at jbloch@cuna.coop; or mail them to Mary and Jeff in c/o CUNA’s Regulatory Advocacy Department, 601 Pennsylvania Avenue, NW, South Building, Suite 600, Washington, DC 20004-2601. You may also contact us at 800-356-9655, ext. 6732, if you would like a copy of the proposed rule or you may access it here.

QUESTIONS TO CONSIDER REGARDING THE FTC’S PROPOSAL

  • Are secure electronic mechanisms now widely available to facilitate verifiable parental consent at a reasonable cost? If not, how would eliminating or extending the e-mail consent provisions affect the development of such mechanisms?











  • What effect would eliminating the e-mail consent provisions have on your information collection practices? Are these provisions working effectively?











  • Should the e-mail consent provisions be made permanent, be eliminated, or be extended for an additional period of time? Please explain why. If extended, for how long should they be extended?











  • Other comments?











    Eric Richard • General Counsel • (202) 508-6742 • erichard@cuna.com
    Mary Mitchell Dunn • SVP & Associate General Counsel • (202) 508-6736 • mdunn@cuna.com
    Jeffrey Bloch • Assistant General Counsel • (202) 508-6732 • jbloch@cuna.com
    Lilly Thomas • Assistant General Counsel • (202) 508-6733 • lthomas@cuna.com
    Catherine Orr • Senior Regulatory Counsel • (202) 508-6743 • corr@cuna.com
    Copyright © 2012 Credit Union National Association