This post was also written by Anthony S. Traymore.
Almost down to the wire, here is the next installment summarizing the sixth of the seven principles contained in the Self-Regulatory Online Behavioral Advertising Principles released by the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus. For reference, the seven enumerated principles are:
- Education
- Transparency
- Consumer Control
- Data Security
- Material Changes
- Sensitive Data
- Accountability
The Sensitive Data principle segments sensitive data into two basic categories – personal information of children under the age of 13, and financial and health-related information, regardless of the age of the individual.
The Sensitive Data principle segments sensitive data into two basic categories – personal information of children under the age of 13, and financial and health-related information, regardless of the age of the individual.
With respect to the collection and use of data for online behavioral marketing purposes, if you have actual knowledge that any of the information being collected is from individuals under the age of 13, or if your website is targeted at children under the age of 13, the Sensitive Data principle states you should not be collecting any personal information from or be engaged in any online behavioral advertising with regard to that individual, unless you comply with the Children’s Online Privacy Protection Act (COPPA), and then, only to the extent specifically allowed by COPPA.
In case you’ve forgotten, COPPA requires you to have “verifiable parental consent” prior to collecting any personal data from children under the age of 13. The Federal Trade Commission routinely enforces COPPA, and violations may carry fines in excess of $1 million, in addition to the damage to goodwill and public image that can result. Compliance with the provisions of COPPA is tricky. While this post will not belabor the ambiguities that have already been reported about what constitutes “verifiable parental consent“, suffice it to say that when dealing with children under the age of 13, it is best to exercise considerable caution in connection with online marketing efforts – behavioral or otherwise – and to always consult an attorney well-versed in guiding you through the compliance maze.
With respect to personal information related to an individual’s financial or health status, age is not relevant to this sixth principle. What is relevant is the requirement that you obtain the consent of the individual if you are collecting the information online and you intend to use it. Prudent practice would indicate you should affirmatively obtain the individual’s consent in advance – whether during the process of registration, through formal acceptance of terms of use that clearly solicit consent, or through any other means. Clearly, if you plan to share this information with third parties in connection with online behavioral marketing efforts, you should indicate that to the individual. In all cases, the principle notes that you should always provide the individual with the right and an option, at any time, to opt-out of the use of his or her information for such purposes.
As mentioned, this is the sixth of the seven principles being highlighted, but if you would like to read the entire “Self-Regulatory Principles for Online Behavioral Advertising” report now, in its entirety, just follow the link. Legal Bytes will be bringing you a summary of the remaining principle next week. And now, as always, if you have any questions or need help, please feel free to contact Anthony S. Traymore or me, or any of the Rimon attorneys with whom you regularly work.