COPPA NPRM - Supporting Statement - 2024-FINAL

COPPA NPRM - Supporting Statement - 2024-FINAL.pdf

The Children's Online Privacy Protection Rule

OMB: 3084-0117

Document [pdf]
Download: pdf | pdf
Supporting Statement for Proposed Amendments to
the Children’s Online Privacy Protection Rule, 16 CFR Part 312
(OMB Control # 3084-0117)
Overview
The current Children’s Online Privacy Protection Rule, 16 C.F.R. Part 312 (“COPPA
Rule” or “Rule”), contains recordkeeping, disclosure, and reporting requirements that constitute
“information collection requirements” as defined by 5 C.F.R. § 1320.3(c) under the Office of
Management and Budget (“OMB”) regulations that implement the Paperwork Reduction Act
(“PRA”). OMB has approved the Rule’s existing information collection requirements through
March 31, 2025 (OMB Control No. 3084-0117).
The Federal Trade Commission (“FTC” or “Commission”) now proposes amendments to
the COPPA Rule that would increase disclosure obligations for covered operators of websites
and online services and FTC-approved COPPA Safe Harbor programs. Also, FTC-approved
COPPA Safe Harbor programs would face additional reporting obligations under the proposed
Rule. Commission staff does not believe that the proposed Rule would increase operators’
recordkeeping obligations. Finally, the Commission is also seeking public comment on whether
proposed changes to the Rule’s definition of “website or online service directed to children”
could increase the number of operators subject to the Rule’s requirements. Any prospective
Final Rule by the Commission will review any relevant comments relating to the proposed Rule
and adjust the estimated PRA burden as necessary at that time. The Commission requests
approval for the proposed information collections associated with the Notice of Proposed
Rulemaking (“NPRM”).
(1) & (2)

Necessity for and Use of the Information Collected

The Children’s Online Privacy Protection Act (“COPPA” or “Act”), 15 U.S.C. § 6501 et
seq., prohibits unfair and deceptive acts and practices in connection with the collection of
personal information from children online and the use and disclosure of such information. The
COPPA Rule, 16 C.F.R. Part 312, implements this mandate by requiring commercial websites to,
among other things, provide notice and obtain parental consent before collecting, using, or
disclosing personal information from children under age thirteen, with limited exceptions.
On July 25, 2019, the FTC announced that it was undertaking a review of the Rule,
noting that questions had arisen about the Rule’s application to the educational technology
sector, voice-enabled connected devices, and general audience platforms that host third-party
child-directed content. The Commission sought public comment on these and other issues,
including specific questions about the Rule’s provisions and the 2013 amendments of the Rule.
In response, the Commission received over 175,000 comments from various stakeholders,
including industry representatives, video content creators, consumer advocacy groups,
academics, technologists, safe harbor programs, members of Congress, and individual members
of the public.

Following consideration of the submitted public comments, viewpoints expressed during
the COPPA Workshop, and the Commission’s experience enforcing the Rule, the Commission is
proposing a number of changes to the Rule to help ensure the Rule remains relevant to
changing technology and business practices. The following disclosure and reporting
requirements would promote transparency, enhance parents’ ability to make informed decisions
about whether to consent to the collection of their children’s personal information, enhance
schools’ ability to make informed decisions about whether to authorize the collection of
children's personal information where such collection is for the use and benefit of the school, and
strengthen oversight over operators and Safe Harbors’ practices:

(3)



The proposed Rule includes a new requirement that operators newly subject to the Rule
establish, implement, maintain, and disclose a data retention policy.



The proposed Rule imposes various new disclosure requirements on operators already
subject to the Rule. Specifically, the proposed amendments require operators to update
existing disclosures, namely, to update the direct and online notices with additional
information about the operators’ information practices. Additionally, some operators
may have to provide disclosures that were not previously required under the Rule. For
operators utilizing the support for the internal operations exception, 16 C.F.R.
§ 312.5(c)(7), the proposed Rule will now require such operators to provide an online
notice. Similarly, the proposed Rule will require operators utilizing the proposed school
authorization exception, which is newly numbered as 16 C.F.R. § 312.5(c)(10), to
provide an online notice, provide a direct notice to the school, and enter into a written
agreement with the school. Additionally, the proposed Rule requires operators to
disclose a data retention policy.



The proposed Rule will also require each FTC-approved COPPA Safe Harbor program to
provide a list of all current subject operators on each of the FTC-approved COPPA Safe
Harbor program’s websites and online services, and the proposed Rule further requires
that such list be updated every six months thereafter.



The proposed amendments will require FTC-approved COPPA Safe Harbor programs to
include additional content in their annual reports. The proposed amendments will also
require each FTC-approved COPPA Safe Harbor program to submit a report to the
Commission every three years detailing the program’s technological capabilities and
mechanisms for assessing subject operators’ fitness for membership in the program.
Consideration of the Use of Information Technology to Reduce Burden

The NPRM permits the use of any technologies that covered firms may wish to employ
and that may reduce the burden of information collection, consistent with the aims of the
Government Paperwork Elimination Act, 44 U.S.C. § 3504 note. The Commission has taken
care in developing the proposed amendments to set performance standards that will establish the
objective results that must be achieved by regulated entities, but do not mandate a particular
technology that must be employed in achieving these objectives. For example, section
2

312.5(b)(1) of the proposed Rule maintains the standard that requires operators to “make
reasonable efforts to obtain verifiable parental consent, taking into consideration available
technology” when designing consent mechanisms. The Commission proposes revising section
312.5(b)(2) to add to the existing non-exhaustive list of acceptable methods for obtaining consent
two methods that include technologies the Commission has approved since the Commission last
revised the COPPA Rule through amendments that became effective in 2013. In addition, the
proposed revisions to section 312.8 of the Rule require operators to establish, implement, and
maintain a written children's information security program. Rather than specifying particular
technical or other safeguards that operators must include in their information security programs,
the proposed Rule requires operators to include safeguards that are appropriate to the sensitivity
of the personal information collected from children and the operators’ size, complexity, nature
and scope of activities, and internal and external risks to the confidentiality, security, and
integrity of personal information collected from children as identified through risk assessments.
(4)

Efforts to Identify Duplication

The Commission has not identified any other federal statutes, rules, or policies that would
duplicate, overlap, or conflict with the proposed Rule. While the proposed Rule includes
amendments related to schools, the Commission believes it has drafted the proposed Rule
amendments to ensure the proposed Rule does not duplicate, overlap, or conflict with the Family
Educational Rights and Privacy Act, 20 U.S.C. § 1232g.
(5)

Efforts to Minimize Burden on Small Organizations

In drafting the proposed Rule, the Commission has made every effort to avoid unduly
burdensome requirements for entities, including small entities. The Commission believes that
the proposed amendments are necessary to continue to protect children’s online privacy in
accordance with the purposes of COPPA. For each of the proposed amendments, the
Commission has attempted to tailor the provision to any concerns evidenced by the record to
date. On balance, the Commission believes that the benefits to children and their parents
outweigh any potential increased costs of implementation to industry.
For example, some commenters called for the Commission to implement specific time
limits on data retention, noting that operators could read the Rule as currently written to allow
indefinite retention of personal information. Rather than impose specific limitations that would
apply to operators that collect different types of personal information for varying types of
activities, the Commission alternatively proposes to state explicitly that indefinite retention is
prohibited and require operators to establish a written data retention policy that sets forth a
timeframe for deletion.
Additionally, the Commission has taken care in developing the proposed amendments to
set performance standards that will establish the objective results that must be achieved by
regulated entities, but do not mandate a particular technology that must be employed in
achieving these objectives. In sum, the agency has worked to minimize any significant economic
impact on small businesses.
3

(6)

Consequences of Conducting the Collection Less Frequently

Less frequent disclosures would violate the express statutory language and intent of the
Act. The statute requires both that notice be given online and that notice regarding the operator’s
information practices be given to parents upon request. Parental notice under the Rule works in
tandem with the COPPA’s mandated parental consent requirement. Thus, the Rule does not
require notices any more frequently than necessary for operators to comply with the statute and
to enable parents to make an informed decision about an operator’s collection, maintenance, use,
or disclosure of their children’s personal information. While the proposed Rule includes
additional content requirements for such notices, it does not require more frequent disclosures
than what is required by statute.
(7)

Circumstances Requiring Collection Inconsistent With Guidelines

The collection of information in the Rule is consistent with all applicable guidelines
contained in 5 C.F.R. § 1320.5(d)(2).
(8)

Public Comments/Consultation Outside the Agency

Since the Rule was first enacted in 2000, the Commission has on an ongoing basis
engaged with the affected public through informal and formal consultations. Among other
actions, this includes various Notice of Proposed Rulemakings issued in 20011 and 2005,2 and
rule reviews initiated in 20103 and 2019.4
Separately, the Commission has also sought public comments every three years as part of
the required process to receive renewed clearance for PRA information collections. In the
instant context, in accordance with 5 C.F.R. § 1320.8(d), the FTC is seeking public comment on
the proposed collections of information (or proposed amendments to them). 89 Fed. Reg. 2034
(Jan. 11, 2024). The Commission most recently invited public comment in connection with its
latest PRA clearance request for this Rule. See 87 Fed. Reg. 10,791 (Feb. 25, 2022). The
Commission received no germane comments.
(9)

Payments and Gifts to Respondents
Not applicable.

1

66 Fed. Reg. 54,963 (Oct. 31, 2001).

2

70 Fed. Reg. 2,580 (Jan. 14, 2005).

3

75 Fed. Reg. 17,089 (Apr. 5, 2010).

4

84 Fed. Reg. 35,842 (July 25, 2019).
4

(10)

Assurances of Confidentiality

Except for the proposed and current Safe Harbor reporting requirements, the Rule’s
requirement that regulated entities disclose and/or maintain records do not require the
submission of any such records to the agency. Thus, to the extent, if any, that the agency may
require production of such records for law enforcement purposes in specific proceedings, such
production would not constitute an information collection activity within the meaning of the
Paperwork Reduction Act. In any event, in such proceedings, records would be protected by
law from mandatory public disclosure.5 Report submissions associated with the Safe Harbor
requirements are afforded protections that are associated with the designation of confidentiality
for their submissions as set forth in the FTC Act.6
(11)

Matters of a Sensitive Nature

Except for the proposed and current Safe Harbor reporting requirements, the Rule does
not require the disclosure or production of sensitive or confidential information to the
Commission. To the extent that confidential information covered by a recordkeeping
requirement is collected by the Commission for law enforcement purposes, the confidentiality
provisions of Section 21 of the FTC Act, 15 U.S.C. § 57b-2, will apply. Report submissions
associated with the Safe Harbor requirements are afforded protections associated with the
designation of confidentiality for their submissions as set forth in the FTC Act.7
(12)

Estimated Annual Hours and Labor Cost Burden
Estimated Additional Annual Hours Burden: 134,578 (derived from 134,200 + 378).
A. Number of Respondents

As noted in the Regulatory Flexibility Section of the NPRM, Commission staff estimates
that there are currently approximately 5,710 operators subject to the Rule. Commission staff
believes that the changes that are most likely to affect the number of operators subject to the
Rule are the Commission’s proposed changes to the Rule’s definition of “website or online
service directed to children.” Of most relevance to this discussion, the Commission proposes to
modify paragraph 2 of this definition to account for third parties with actual knowledge that they
collect children’s information from users of a child-directed site or service, even if such third
parties do not collect the information directly from such users. While Commission staff
contemplates that this modification could increase the number of operators subject to the Rule’s
requirements, staff does not have sufficient evidence to estimate the amount of increase and
5

Exemption 7(A) of the Freedom of Information Act, 5 U.S.C. 552(b)(7)(A), would apply to withhold
information from pending or active investigations where disclosure is reasonably expected to cause
articulable harm.

6

See, e.g., Section 21(c) of the FTC Act, 15 U.S.C. § 57b-2(c).

7

Id.
5

therefore the Commission welcomes comment on this issue. Commission staff does not expect
that the other proposed modifications to this definition, such as the additional exemplar factors
the Commission will consider in determining whether a site or service is child-directed, will alter
the number of operators subject to the Rule.
Commission staff does not believe that other proposed modifications to the Rule’s
definitions will affect the number of operators subject to the Rule. For example, Commission
staff does not expect that the Commission’s proposed addition of “biometric identifiers” to the
Rule’s definition of “personal information” will significantly alter the number of operators
subject to the Rule. Commission staff believes that all or nearly all operators of websites or
online services that collect “biometric identifiers” from children are already subject to the Rule.
In total, to the extent that any of the Commission’s proposed revisions of the Rule’s
definitions might result in minor additional numbers of operators being subject to the Rule,
Commission staff believes that any such increase will be offset by other operators of websites or
online services adjusting their information collection practices so that they will not be subject to
the Rule.
For this burden analysis, the Commission staff retains its recently published estimate of
280 new operators per year.8 Commission staff also retains its estimate that no more than one
additional FTC-approved COPPA Safe Harbor program applicant is likely to submit a request
within the next three years of PRA clearance.
B. Recordkeeping Hours
While the proposed Rule requires operators to establish, implement, and maintain a
written comprehensive security program and data retention policy, such requirements do not
constitute a “collection of information” under the PRA. Namely, under the proposed Rule, each
operator’s security program and the safeguards instituted under such program will vary
according to the operator’s size and complexity, the nature and scope of its activities, the
sensitivity of the information involved, and internal and external risks to the confidentiality,
security, and integrity of personal information collected from children as identified through risk
assessments. Similarly, the instituted data retention policy will differ depending on the
operator’s business practices. Thus, although each operator must summarize its compliance
efforts in one or more written documents, the discretionary balancing of factors and
circumstances that the proposed Rule allows does not require entities to answer “identical
questions” and therefore does not trigger the PRA’s requirements.
Separately, the proposed Rule imposes minimal recordkeeping requirements for FTCapproved COPPA Safe Harbor programs. However, FTC staff understands that most of the
records listed in the COPPA Rule’s safe harbor recordkeeping provisions consist of
documentation that covered entities retain in the ordinary course of business irrespective of the
8

See 2022 COPPA PRA Supporting Statement, available at https://omb.report/icr/202112-3084002/doc/119087900 (hereinafter, “2022 COPPA PRA Supporting Statement”).
6

COPPA Rule. OMB excludes from the definition of PRA burden, among other things,
recordkeeping requirements that customarily would be undertaken independently in the normal
course of business. In staff’s view, any incremental burden posed by the proposed Rule – such
as that to include additional content in annual reports, submit a report to the Commission every
three years detailing technological capabilities and mechanisms, and publicly post membership
lists – would be marginal.
C. Disclosure Hours 134,200 (derived from 2,800 + 131,330 +70).
1. New Operators’ Disclosure Burden: 2,800.
FTC staff estimates that the Rule affects approximately 280 new operators per year. The
proposed Rule includes a new requirement that operators establish, implement, maintain, and
disclose a data retention policy. Staff estimates it will require, on average, approximately 10
hours per new operator to meet the data retention policy requirement. This yields an estimated
annual hours burden of 2,800 hours (280 respondents × 10 hours).9
2. Existing Operators’ Disclosure Burden: 131,330.
The proposed Rule imposes various new disclosure requirements on operators already
subject to the Rule. Specifically, the proposed amendments require operators to update existing
disclosures, namely, to update the direct and online notices with additional information about the
operators’ information practices. Additionally, some operators may have to provide disclosures
that were not previously required under the Rule. For operators utilizing the support for the
internal operations exception, 16 C.F.R. § 312.5(c)(7), the proposed Rule will now require such
operators to provide an online notice. Similarly, the proposed Rule will require operators
utilizing the proposed school authorization exception, which is newly numbered as 16 C.F.R.
§ 312.5(c)(10), to provide an online notice, a direct notice to the school, and enter into a written
agreement with the school. Additionally, the proposed Rule requires operators to disclose a data
retention policy.
Commission staff believes that an existing operator’s time to make these changes to its
online and direct notices would be no more than that estimated for a new entrant to craft an
online notice and direct notice for the first time, i.e., 60 hours. Regarding the written agreement,
FTC staff understands that many ed tech operators enter into standard contracts with schools,
school districts, and other education organizations across the country, and this requirement is not
intended to interfere with such contractual arrangements. Therefore, this agreement likely
consists of documentation that covered entities retain in the ordinary course of business,

9

The Commission has pre-existing PRA approval for its longstanding estimate that new operators of
websites and online services will require, on average, approximately 60 hours to draft a privacy policy,
design mechanisms to provide the required online privacy notice and, where applicable, provide the direct
notice to parents. The proposed amendments would add 10 hours to this disclosure estimate for new
operators.
7

irrespective of the COPPA Rule.10 Additionally, as discussed previously, Commission staff
believes the time necessary to develop, draft, and publish a data retention policy is approximately
10 hours. Therefore, these one-time disclosure requirements will amount to 70 hours of burden.
Annualized over three years of PRA clearance, this amounts to approximately 23 hours (70 hours
÷ 3 years) per operator each year. Aggregated for the 5,710 existing operators, the annualized
disclosure burden for these requirements would be approximately 131,330 hours per year (5,710
respondents x 23 hours).
3. Safe Harbor Disclosure Burden: 70.
The proposed Rule will also require each FTC-approved COPPA Safe Harbor program to
provide a list of all current subject operators on each of the FTC-approved COPPA Safe Harbor
program’s websites and online services, and the proposed Rule further requires that such list be
updated every six months thereafter. Because FTC-approved COPPA Safe Harbor programs
likely already keep up-to-date lists of their subject operators, Commission staff does not
anticipate this requirement will significantly burden FTC-approved COPPA Safe Harbor
programs. To account for time necessary to prepare the list for publication and to ensure that the
list is updated every 6 months, Commission staff estimates 10 hours per year. Aggregated for
one new FTC-approved COPPA Safe Harbor program and six existing FTC-approved COPPA
Safe Harbor programs, this amounts to an estimated cumulative disclosure burden of 70 hours
per year (7 respondents × 10 hours).
D. Reporting Hours: 378 (derived from 350 + 28).
The proposed amendments will require FTC-approved COPPA Safe Harbor programs to
include additional content in their annual reports. The proposed amendments will also require
each FTC-approved COPPA Safe Harbor program to submit a report to the Commission every
three years detailing the program’s technological capabilities and mechanisms for assessing
subject operators’ fitness for membership in the program.
The burden for conducting subject operator audits and preparing the annual reports likely
varies by FTC-approved COPPA Safe Harbor program, depending on the number of subject
operators. Commission staff estimates that the additional reporting requirements for the annual
report will require approximately 50 hours per program per year. Aggregated for one new FTCapproved COPPA Safe Harbor program (50 hours) and six existing (300 hours) FTC-approved
COPPA Safe Harbor programs, this amounts to an estimated cumulative reporting burden of 350
hours per year (7 respondents × 50 hours).
Regarding the reports that the proposed Rule will require FTC-approved Safe Harbor
programs to submit to the Commission every three years, § 312.11(c)(1) of the Rule already
requires FTC-approved COPPA Safe Harbor programs to include similar information in their
initial application to the Commission. Specifically, § 312.11(c)(1) requires that the application
10

As noted above, OMB excludes from the definition of PRA burden, among other things, recordkeeping
requirements that customarily would be undertaken independently in the normal course of business.
8

address FTC-approved COPPA Safe Harbor programs’ business models and the technological
capabilities and mechanisms they will use for initial and continuing assessment of operators’
fitness for membership in their programs. Consequently, the three-year reports should merely
require reviewing and potentially updating an already-existing report. Staff estimates that
reviewing and updating existing information to comply with proposed § 312.11(f) will require
approximately 10 hours per FTC-approved COPPA Safe Harbor program. Divided over the
three-year period, FTC staff estimates that annualized burden attributable to this requirement
would be approximately 3.33 hours per year (10 hours ÷ 3 years) per FTC-approved COPPA
Safe Harbor program, which staff will round up to 4 hours per year per FTC-approved COPPA
Safe Harbor program. Given that several FTC-approved COPPA Safe Harbor programs are
already available to website and online service operators, FTC staff anticipates that no more than
one additional FTC-approved COPPA Safe Harbor program applicant is likely to submit a
request within the next three years of PRA clearance. Aggregated for one new FTC-approved
COPPA Safe Harbor program and six existing FTC-approved COPPA Safe Harbor programs,
this amounts to an estimated cumulative reporting burden of 28 hours per year (7 respondents × 4
hours).
Estimated Additional Annual Labor Costs: $46,069,355 (derived from $45,997,535 +
$71,820).
A.

Disclosure $45,997,535 (derived from $959,819 + $45,037,716).
1. New Operators: $959,819.

As previously noted, Commission staff estimates a total annual hours of burden for the
proposed Rule of 2,800 hours (280 respondents × 10 hours). Consistent with its past estimates
and based on its 2013 rulemaking record,11 FTC staff estimates that the time spent on compliance
for new operators covered by the COPPA Rule would be apportioned five to one between legal
(outside counsel lawyers or similar professionals) and technical (e.g., computer programmers,
software developers, and information security analysts) personnel. Therefore, Commission staff
estimates that approximately 2,333 of the estimated 2,800 hours required will be completed by
legal staff.
Regarding legal personnel, Commission staff anticipates that the workload among law
firm partners and associates for assisting with COPPA compliance would be distributed among
attorneys at varying levels of seniority. Assuming two-thirds of such work is done by junior
associates at a rate of approximately $300 per hour, and one-third by senior partners at
approximately $600 per hour, the weighted average of outside counsel costs would be
approximately $400 per hour.12
11
12

See, e.g., 78 Fed. Reg. at 4,007; 2022 COPPA PRA Supporting Statement.

These estimates are drawn from the “Laffey Matrix.” The Laffey Matrix is a fee schedule used by
many United States courts for determining the reasonable hourly rates in the District of Columbia for
attorneys’ fee awards under federal fee-shifting statutes. It is used here as a proxy for market rates for
litigation counsel in the Washington, DC area. For 2020-2021, rates in the table range from $333 per
hour for most junior associates to $665 per hour for the most senior partners. See Laffey Matrix, Civil
9

FTC staff anticipates that computer programmers responsible for posting privacy
policies and implementing direct notices and parental consent mechanisms would account for the
remaining approximately 467 hours. FTC staff estimates an hourly wage of $57 (rounded to the
nearest dollar) for technical assistance, based on Bureau of Labor Statistics (“BLS”) data.13
Accordingly, associated annual labor costs for the proposed Rule would be $959,819 [(2,333
hours × $400/hour) + (467 hours × $57/hour)] for the estimated 280 new operators.
2. Existing Operators: $45,037,716 (derived from $45,024,416 + 13,300).
As previously discussed, Commission staff estimates that the annualized disclosure
burden for these requirements for the 5,710 existing operators would be 131,330 hours per year.
Thus, apportioned five to one, this amounts to 109,442 hours of legal and 21,888 hours of
technical assistance. Applying hourly rates of $400 and $57, respectively, for these personnel
categories, associated labor costs would total approximately $45,024,416 ($43,776,800 +
$1,247,616).
As noted, Commission staff estimates a cumulative disclosure burden of 10 hours per
year for FTC-approved COPPA Safe Harbor programs. Aggregated for one new FTC-approved
COPPA Safe Harbor program and six existing FTC-approved COPPA Safe Harbor programs,
this amounts to an estimated cumulative reporting burden of 70 hours per year (7 respondents ×
10 hours).
Industry sources have advised that the labor to comply with requirements from FTCapproved COPPA Safe Harbor programs would be attributable to the efforts of in-house lawyers.
To determine in-house legal costs, FTC staff applied an approximate average between the BLS
reported mean hourly wage for lawyers ($78.74),14 and estimated in-house hourly attorney rates
($300) that are likely to reflect the costs associated with the proposed Rule’s safe harbor
requirements. This yields an approximate hourly rate of $190. Applying this hourly labor cost
estimate to the hours burden associated with the cumulative disclosure burden for FTC-approved
COPPA Safe Harbor programs yields an estimated annual burden of $13,300 (70 hours × $190).

Division of the United States Attorney’s Office for the District of Columbia, United States Attorney’s
Office, District of Columbia, Laffey Matrix B 2015-2021, available at https://www.justice.gov/usaodc/page/file/1305941/download.
13

The estimated mean hourly wage for technical labor support ($57) is based on an average of the mean
hourly wage for computer programmers, software developers, and information security analysts as
reported by the Bureau of Labor Statistics. See Occupational Employment and Wages – May 2022, Table
1 (National employment and wage data from the Occupational Employment and Wage Statistics survey
by occupation, May 2022), available at https://www.bls.gov/news.release/ocwage.t01.htm (hereinafter,
“BLS Table 1”).
14

See BLS Table 1 (lawyers).
10

B.

Reporting: $71,820.

As previously noted, Commission staff estimates an estimated cumulative reporting
burden of 378 hours per year for FTC-approved COPPA Safe Harbor programs. The
approximate hourly rate for labor to comply with requirements from FTC-approved COPPA Safe
Harbor programs is $190, as previously calculated. Applying this hourly labor cost estimate to
the hours burden associated with the cumulative reporting burden for FTC-approved COPPA
Safe Harbor programs yields an estimated annual labor cost burden of $71,820 (378 hours ×
$190).
(13)

Capital and Other Non-Labor Costs

Because both operators and FTC-approved COPPA Safe Harbor programs will already be
equipped with the computer equipment and software necessary to comply with the Rule’s notice
requirements, the proposed Rule should not impose any additional capital or other non-labor
costs.
(14)

Estimated Cost to the Federal Government

Staff estimates only marginal increases to the current staff and other assistance
requirements to enforce the current Rule, which currently requires approximately 4
attorney/investigator work years for a total cost of approximately $800,000 per year. In addition,
travel costs or other expenses associated with enforcing and administering the Rule are
anticipated to total approximately $18,000 per year. Thus, the approximate total cost to the FTC
in connection with these cumulative enforcement and monitoring activities will be $818,000 per
year. Clerical and other support services are included in these estimates.
(15)

Program Changes or Adjustments

This would be a program change, not an adjustment. The estimated additional annual
hours of burden would be 134,278, and the estimated additional annual labor costs would be
$46,069,355.
(16)

Statistical Use of Information/Publication of Results

Not applicable. There are no plans to publish for statistical use any information required
by the Rule.
(17)

Requested Permission Not to Display the Expiration Date for OMB Approval

This is not applicable, since the Commission will display the expiration date of the
clearance.
(18)

Exceptions to the “Certification for Paperwork Reduction Act Submissions”
Not applicable.
11


File Typeapplication/pdf
File Modified0000-00-00
File Created0000-00-00

© 2024 OMB.report | Privacy Policy