Agency Information Collection Activities; Proposed Collection; Comment Request; Extension, 79596-79598 [2024-22379]

Download as PDF 79596 Federal Register / Vol. 89, No. 189 / Monday, September 30, 2024 / Notices Commission Act 9 against businesses that deceive consumers about the capabilities of their generative AI services. Businesses that exploit media hype and consumer unfamiliarity with this new technology to cheat people out of their hard-earned money should expect a knock on the door from the Commission and other law-enforcement agencies. In this case, consumers who relied on DoNotPay’s wholly inadequate legal advice not only wasted their money but were also likely induced into reliance on the inadequate legal contracts and ineffective legal filings generated by DoNotPay. It does not take a vivid imagination to imagine how such reliance could have ruinous consequences. The Commission’s staff deserves great credit for bringing and settling this case. I write separately to ensure that no one confuses what we are doing today— holding generative-AI companies to the same standards for honest-business conduct that apply to every industry— with the regulation of AI qua AI. Congress has given us the power to enforce prohibitions against unfair methods of competition and unfair or deceptive acts and practices.10 We may reach some AI-related activity incidental to enforcing those prohibitions, as we do today. But Congress has not given us power to regulate AI standing alone. We should not succumb to the panicked calls for the Commission to act as the country’s comprehensive AI regulator.11 I write also to clarify that my vote should not be taken as support for the State Bar of California’s claim that DoNotPay was engaged in the unauthorized practice of law.12 The Commission does not enforce state occupational-licensing laws like California’s unauthorized-practice-oflaw prohibition.13 And if a company were to create a computer system capable of giving accurate legal advice and drafting effective legal documents, or honestly advertise a system that provides something less, I doubt that the aggressive enforcement of lawyers’ 9 15 U.S.C. 45. 45(a)(2). 11 See Dissenting Statement of Commissioner Andrew N. Ferguson, Joined by Commissioner Melissa Holyoak, In the Matter of Rytr LLC, at 9– 10 (Sept. 25, 2024); Concurring and Dissenting Statement of Commissioner Andrew N. Ferguson, A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services, at 10–11 (Sept. 19, 2024). 12 Complaint ¶¶ 25–27. 13 See Cal. Bus. & Prof. Code § 6125. ddrumheller on DSK120RN23PROD with NOTICES1 10 Id. VerDate Sep<11>2014 17:51 Sep 27, 2024 Jkt 262001 monopoly on legal services would serve the public interest. [FR Doc. 2024–22400 Filed 9–27–24; 8:45 am] BILLING CODE 6750–01–P FEDERAL TRADE COMMISSION Agency Information Collection Activities; Proposed Collection; Comment Request; Extension Federal Trade Commission. Notice. AGENCY: ACTION: The Federal Trade Commission (‘‘FTC’’ or ‘‘Commission’’) is seeking public comments on its proposal to extend for an additional three years the current Paperwork Reduction Act (‘‘PRA’’) clearance for information collection requirements contained in the Children’s Online Privacy Protection Rule (‘‘COPPA Rule’’ or ‘‘Rule’’). That clearance expires on April 30, 2025. DATES: Comments must be filed by November 29, 2024. ADDRESSES: Interested parties may file a comment online or on paper, by following the instructions in the Request for Comment part of the SUPPLEMENTARY INFORMATION section below. Write ‘‘COPPA Rule: Paperwork Comment, FTC File No. P155408’’ on your comment, and file your comment online at https://www.regulations.gov by following the instructions on the webbased form. If you prefer to file your comment on paper, mail your comment to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite CC–5610 (Annex J), Washington, DC 20580. FOR FURTHER INFORMATION CONTACT: James Trilling, Attorney, (202) 326– 3497, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue NW, Washington, DC 20580. SUPPLEMENTARY INFORMATION: Title of Collection: Children’s Online Privacy Protection Rule, 16 CFR part 312. OMB Control Number: 3084–0117. Type of Review: Extension of currently approved collection. Affected Public: Private Sector: Businesses and other for-profit entities. Estimated Annual Burden Hours: 17,700. Estimated Annual Labor Costs: $8,687,169. Estimated Annual Non-Labor Costs: $0. Abstract: The COPPA Rule, 16 CFR part 312, requires commercial websites SUMMARY: PO 00000 Frm 00096 Fmt 4703 Sfmt 4703 and online services to provide notice and obtain parental consent before collecting, using, or disclosing personal information from children under age thirteen, with limited exceptions. The COPPA Rule contains certain statutorily required notice, consent, and other requirements that apply to operators of any commercial website or online service directed to children that collect personal information, and operators of any commercial website or online service with actual knowledge that they are collecting personal information from children. The Rule also applies to operators that have actual knowledge that they are collecting personal information directly from users of another website or online service that is directed to children. Covered operators must, among other things: (1) provide online notice and direct notice to parents of how they collect, use, and disclose children’s personal information; (2) obtain the prior consent of the child’s parent in order to engage in such collection, use, and disclosure; (3) provide reasonable means for the parent to obtain access to the information and to direct its deletion; and (4) establish procedures that protect the confidentiality, security, and integrity of personal information collected from children. Burden Statement A. Annual Hours Burden: 17,600 hours. I. New Entrant Operators’ Disclosure Burden Based on public comments received by the Commission during its 2013 COPPA Rule amendments rulemaking,1 FTC staff estimates that the Rule affects approximately 280 new operators per year.2 FTC staff maintains its longstanding estimate that new operators of websites and online services will require, on average, approximately 60 hours to draft a privacy policy and design mechanisms to provide the required online privacy notice and, where applicable, the direct notice to parents.3 This yields an estimated annual hours burden of 16,800 hours (280 respondents × 60 hours). II. Safe Harbor Applicant Reporting Requirements Operators can comply with the COPPA Rule by meeting the terms of 1 78 FR 3972, 4005 (Jan. 17, 2013). consists of certain traditional website operators, mobile app developers, plug-in developers, and advertising networks. 3 See, e.g., 80 FR 76491 (Dec. 9, 2015); 84 FR 1466 (Feb. 4, 2019). 2 This E:\FR\FM\30SEN1.SGM 30SEN1 Federal Register / Vol. 89, No. 189 / Monday, September 30, 2024 / Notices Commission approved self-regulatory program guidelines.4 While the submission of industry self-regulatory guidelines to the agency is voluntary, the COPPA Rule sets out the criteria for approval of guidelines and the materials that must be submitted as part of an application for approval of such selfregulatory guidelines. Based on industry input, FTC staff estimates that it would require, on average, 265 hours per new safe harbor program applicant to prepare and submit its safe harbor proposal in accordance with § 312.11(c) of the Rule, 16 CFR 312.11(c).5 Given that several safe harbor programs are already available to operators of websites and online services, FTC staff anticipates that no more than one additional safe harbor applicant is likely to submit a request within the next three years of PRA clearance. Thus, FTC staff estimates that annualized burden attributable to this requirement would be approximately 88 hours per year (265 hours ÷ 3 years), which is rounded to 100 hours. III. Annual Audit and Report for Safe Harbor Programs The COPPA Rule requires safe harbor programs to audit their members at least annually and submit annual reports to the Commission on the aggregate results of these member audits. The burden for conducting member audits and preparing these reports likely varies by safe harbor program depending on the number of members. FTC staff estimates that conducting audits and preparing reports will require approximately 100 hours per program per year. Aggregated for one new safe harbor (100 hours) and six existing safe harbor (600 hours) programs, this amounts to an estimated cumulative reporting burden of 700 hours per year (7 respondents × 100 hours). IV. Safe Harbor Program Recordkeeping Requirements FTC staff understands that most of the records listed in the COPPA Rule’s safe harbor recordkeeping provisions consist of documentation that covered entities retain in the ordinary course of business ddrumheller on DSK120RN23PROD with NOTICES1 4 See 16 CFR 312.11(c). Approved self-regulatory guidelines can be found on the FTC’s website at https://www.ftc.gov/privacy/privacyinitiatives/ childrens_shp.html. 5 See 83 FR 49557 (Oct. 2, 2018). FTC staff believes that most of the records submitted with a safe harbor request would be those that these entities have kept in the ordinary course of business. Under 5 CFR 1320.3(b)(2), OMB excludes from the definition of PRA burden the time and financial resources needed to comply with agencyimposed recordkeeping, disclosure, or reporting requirements that customarily would be undertaken independently in the normal course of business. VerDate Sep<11>2014 17:51 Sep 27, 2024 Jkt 262001 irrespective of the COPPA Rule. As noted above, OMB excludes from the definition of PRA burden, among other things, recordkeeping requirements that customarily would be undertaken independently in the normal course of business. In FTC staff’s view, any incremental burden, such as that for maintaining the results of independent assessments under § 312.11(d), would be marginal. B. Estimated Annual Labor Costs: $8,687,169. I. New Entrant Operators’ Disclosure Burden Consistent with its past estimates and based on its 2013 rulemaking record, FTC staff assumes that the time spent on compliance for new operators covered by the COPPA Rule would be apportioned five to one between legal (outside counsel lawyers or similar professionals) and technical (e.g., computer programmers, software developers, and information security analysts) personnel. FTC staff therefore estimates that outside counsel costs will account for 14,000 of the estimated 16,800 hours required as estimated in Section A.I above. FTC staff anticipates that the workload among law firm partners and associates for assisting with COPPA compliance would be distributed among attorneys at varying levels of seniority. Assuming two-thirds of such work is done by junior associates at a rate of approximately $510 per hour, and one-third by senior partners at approximately $798 per hour, the weighted average of outside counsel costs would be approximately $606 per hour.6 FTC staff anticipates that computer programmers responsible for posting privacy policies and implementing direct notices and parental consent mechanisms would 6 These estimates are drawn from the ‘‘Fitzpatrick Matrix.’’ The Fitzpatrick Matrix was developed to provide a tool for the ‘‘reliable assessment of fees charged for complex [civil] federal litigation,’’ in the District of Columbia, and has been adopted by, among others, the Civil Division of the United States Attorney’s Office for the District of Columbia. See Fitzpatrick Matrix, Civil Division of the United States Attorney’s Office for the District of Columbia, Fitzpatrick Matrix, 2013–2024 (quoting DL v. District of Columbia, 924 F.3d 585, 595 (D.C. Cir. 2019)), available at https://www.justice.gov/usaodc/media/1353286/dl?inline. It is used here as a proxy for market rates for litigation counsel in the Washington, DC area. For 2024, the Fitzpatrick Matrix sets forth estimates ranging from $500 per hour for the most junior associates to $864 per hour for the most senior partners. See id. For the purpose of this analysis, FTC staff determined the hourly rate for work performed by junior associates based on the average of the 2024 hourly rates for junior associates with zero to one year of experience, and the hourly rate for work performed by senior partners based on the average of the 2024 hourly rates for senior partners with more than eleven years of experience. PO 00000 Frm 00097 Fmt 4703 Sfmt 4703 79597 account for the remaining 2,800 hours. FTC staff estimates an hourly wage of $56.03 for technical personnel, based on Bureau of Labor Statistics (‘‘BLS’’) data.7 Accordingly, associated annual labor costs would be $8,640,884 [(14,000 hours × $606/hour) + (2,800 hours × $56.03/hour)] for the estimated 280 new operators. II. Safe Harbor Applicant Reporting Requirements Previously, industry sources have advised that all of the labor to comply with new safe harbor applicant requirements would be attributable to the efforts of in-house lawyers.8 To determine in-house legal costs, FTC staff applied an approximate average between the BLS reported mean hourly wage for lawyers ($84.84),9 and estimated in-house hourly attorney rates ($300) that are likely to reflect the costs associated with some safe harbor applicant costs. This yields an approximate hourly rate of $193. Applying this hourly labor cost estimate to the hours burden associated with approval for a new safe harbor application yields an estimated annual labor cost burden of $19,300 (100 hours × $193). III. Annual Audit and Report for Safe Harbor Programs FTC staff assumes that compliance officers, at a mean hourly wage of $38.55, will prepare annual reports.10 Applying this hourly labor cost estimate to the hours burden associated with preparing annual audit reports yields an estimated annual labor cost burden of $26,985 (700 hours × $38.55). IV. Safe Harbor Program Recordkeeping Requirements For the reasons stated in Section A.IV above, FTC staff anticipates that the labor costs associated with safe harbor program recordkeeping are de minimis. C. Estimated Annual Non-Labor Costs: $0. FTC staff understands that covered operators already have in place the computer equipment and software necessary to comply with the Rule’s 7 The estimated mean hourly wages for technical personnel ($56.03) is based on an average of the mean hourly wage for computer programmers, software developers, information security analysts, and web developers as reported by the Bureau of Labor Statistics. See Bureau of Labor Statistics, Occupational Employment and Wages—May 2023, Table 1 (May 2023), available at https:// www.bls.gov/news.release/ocwage.t01.htm (National employment and wage data from the Occupational Employment Statistics survey by occupation) [hereinafter ‘‘BLS Table 1’’]. 8 See 83 FR 49558 (Oct. 2, 2018). 9 See BLS Table 1 (attorneys). 10 See BLS Table 1 (compliance officers, $38.55). E:\FR\FM\30SEN1.SGM 30SEN1 79598 Federal Register / Vol. 89, No. 189 / Monday, September 30, 2024 / Notices ddrumheller on DSK120RN23PROD with NOTICES1 notice requirements. Accordingly, the predominant costs incurred by operators are the aforementioned labor costs. Similarly, FTC staff anticipates that covered entities already have in place the means to retain and store the records that must be kept under the Rule’s safe harbor recordkeeping provisions, because they are likely to retain such records independent of the Rule. Accordingly, FTC staff estimates that the capital and non-labor costs associated with Rule compliance are de minimis. Request for Comment Pursuant to section 3506(c)(2)(A) of the PRA, the FTC invites comments on: (1) whether the disclosure and recordkeeping requirements are necessary, including whether the information will be practically useful; (2) the accuracy of our burden estimates, including whether the methodology and assumptions used are valid; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of the collection of information. For the FTC to consider a comment, we must receive it on or before November 29, 2024. Your comment, including your name and your state, will be placed on the public record of this proceeding, including the https:// www.regulations.gov website. You can file a comment online or on paper. Due to heightened security screening, postal mail addressed to the Commission will be subject to delay. We encourage you to submit your comments online through the https:// www.regulations.gov website. If you file your comment on paper, write ‘‘COPPA Rule: Paperwork Comment, FTC File No. P155408’’ on your comment and on the envelope, and mail it to the following address: Federal Trade Commission, Office of the Secretary, 600 Pennsylvania Avenue NW, Suite CC–5610 (Annex J), Washington, DC 20580. Because your comment will become publicly available at https:// www.regulations.gov, you are solely responsible for making sure that your comment does not include any sensitive or confidential information. In particular, your comment should not include any sensitive personal information, such as your or anyone else’s Social Security number; date of birth; driver’s license number or other state identification number, or foreign country equivalent; passport number; financial account number; or credit or debit card number. You are also solely responsible for making sure that your comment does not include any sensitive VerDate Sep<11>2014 17:51 Sep 27, 2024 Jkt 262001 health information, such as medical records or other individually identifiable health information. In addition, your comment should not include any ‘‘trade secret or any commercial or financial information which . . . is privileged or confidential’’—as provided by section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2)— including, in particular, competitively sensitive information, such as costs, sales statistics, inventories, formulas, patterns, devices, manufacturing processes, or customer names. Comments containing material for which confidential treatment is requested must (1) be filed in paper form, (2) be clearly labeled ‘‘Confidential,’’ and (3) comply with FTC Rule 4.9(c). In particular, the written request for confidential treatment that accompanies the comment must include the factual and legal basis for the request and must identify the specific portions of the comment to be withheld from the public record. See FTC Rule 4.9(c). Your comment will be kept confidential only if the General Counsel grants your request in accordance with the law and the public interest. Once your comment has been posted publicly at www.regulations.gov, we cannot redact or remove your comment unless you submit a confidentiality request that meets the requirements for such treatment under FTC Rule 4.9(c), and the General Counsel grants that request. The FTC Act and other laws that the Commission administers permit the collection of public comments to consider and use in this proceeding as appropriate. The Commission will consider all timely and responsive public comments that it receives on or before November 29, 2024. For information on the Commission’s privacy policy, including routine uses permitted by the Privacy Act, see https://www.ftc.gov/site-information/ privacy-policy. Josephine Liu, Assistant General Counsel for Legal Counsel. [FR Doc. 2024–22379 Filed 9–27–24; 8:45 am] BILLING CODE 6750–01–P FEDERAL TRADE COMMISSION Privacy Act of 1974; System of Records AGENCY: Federal Trade Commission (FTC). ACTION: Notice of modified systems of records. PO 00000 Frm 00098 Fmt 4703 Sfmt 4703 The FTC is making technical revisions to several of the notices that it has published under the Privacy Act of 1974 to describe its systems of records. This action is intended to make these notices clearer, more accurate, and upto-date. DATES: These modified systems will be applicable on September 30, 2024. FOR FURTHER INFORMATION CONTACT: G. Richard Gold, Attorney, Office of the General Counsel, FTC, 600 Pennsylvania Avenue NW, Washington, DC 20580, (202) 326–3355 or rgold@ ftc.gov. SUMMARY: To inform the public, the FTC publishes in the Federal Register and posts on its website a ‘‘system of records notice’’ (SORN) for each system of records that the FTC currently maintains within the meaning of the Privacy Act of 1974, as amended, 5 U.S.C. 552a (‘‘Privacy Act’’ or ‘‘Act’’). See https://www.ftc.gov/ about-ftc/foia/foia-reading-rooms/ privacy-act-systems. The Privacy Act protects records about individuals in systems of records collected and maintained by Federal agencies. (A system is not a ‘‘system of records’’ under the Act unless the agency maintains and retrieves records in the system by the relevant individual’s name or other personally assigned identifier.) Each Federal agency, including the FTC, must publish a SORN that describes the records maintained in each of its Privacy Act systems, including the categories of individuals that the records in the system are about where and how the agency maintains these records, and how individuals can find out whether an agency system contains any records about them or request access to their records, if any. The FTC, for example, maintains 39 systems of records under the Act. Some of these systems contain records about the FTC’s own employees, such as personnel and payroll files. Other FTC systems contain records about members of the public, such as public comments, consumer complaints, or phone numbers submitted to the FTC’s Do Not Call Registry. The FTC’s SORNs discussed in this notice apply only to the FTC’s own Privacy Act record systems. They do not cover Privacy Act records that other Federal agencies may collect and maintain in their own systems. Likewise, the FTC’s SORNs and the Privacy Act of 1974 do not cover personal records that private businesses or other non-FTC entities may collect, which may be covered by other privacy laws. SUPPLEMENTARY INFORMATION: E:\FR\FM\30SEN1.SGM 30SEN1

Agencies

[Federal Register Volume 89, Number 189 (Monday, September 30, 2024)]
[Notices]
[Pages 79596-79598]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-22379]


-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Agency Information Collection Activities; Proposed Collection; 
Comment Request; Extension

AGENCY: Federal Trade Commission.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Federal Trade Commission (``FTC'' or ``Commission'') is 
seeking public comments on its proposal to extend for an additional 
three years the current Paperwork Reduction Act (``PRA'') clearance for 
information collection requirements contained in the Children's Online 
Privacy Protection Rule (``COPPA Rule'' or ``Rule''). That clearance 
expires on April 30, 2025.

DATES: Comments must be filed by November 29, 2024.

ADDRESSES: Interested parties may file a comment online or on paper, by 
following the instructions in the Request for Comment part of the 
SUPPLEMENTARY INFORMATION section below. Write ``COPPA Rule: Paperwork 
Comment, FTC File No. P155408'' on your comment, and file your comment 
online at https://www.regulations.gov by following the instructions on 
the web-based form. If you prefer to file your comment on paper, mail 
your comment to the following address: Federal Trade Commission, Office 
of the Secretary, 600 Pennsylvania Avenue NW, Suite CC-5610 (Annex J), 
Washington, DC 20580.

FOR FURTHER INFORMATION CONTACT: James Trilling, Attorney, (202) 326-
3497, Division of Privacy and Identity Protection, Bureau of Consumer 
Protection, Federal Trade Commission, 600 Pennsylvania Avenue NW, 
Washington, DC 20580.

SUPPLEMENTARY INFORMATION: 
    Title of Collection: Children's Online Privacy Protection Rule, 16 
CFR part 312.
    OMB Control Number: 3084-0117.
    Type of Review: Extension of currently approved collection.
    Affected Public: Private Sector: Businesses and other for-profit 
entities.
    Estimated Annual Burden Hours: 17,700.
    Estimated Annual Labor Costs: $8,687,169.
    Estimated Annual Non-Labor Costs: $0.
    Abstract: The COPPA Rule, 16 CFR part 312, requires commercial 
websites and online services to provide notice and obtain parental 
consent before collecting, using, or disclosing personal information 
from children under age thirteen, with limited exceptions. The COPPA 
Rule contains certain statutorily required notice, consent, and other 
requirements that apply to operators of any commercial website or 
online service directed to children that collect personal information, 
and operators of any commercial website or online service with actual 
knowledge that they are collecting personal information from children. 
The Rule also applies to operators that have actual knowledge that they 
are collecting personal information directly from users of another 
website or online service that is directed to children. Covered 
operators must, among other things: (1) provide online notice and 
direct notice to parents of how they collect, use, and disclose 
children's personal information; (2) obtain the prior consent of the 
child's parent in order to engage in such collection, use, and 
disclosure; (3) provide reasonable means for the parent to obtain 
access to the information and to direct its deletion; and (4) establish 
procedures that protect the confidentiality, security, and integrity of 
personal information collected from children.

Burden Statement

    A. Annual Hours Burden: 17,600 hours.

I. New Entrant Operators' Disclosure Burden

    Based on public comments received by the Commission during its 2013 
COPPA Rule amendments rulemaking,\1\ FTC staff estimates that the Rule 
affects approximately 280 new operators per year.\2\ FTC staff 
maintains its longstanding estimate that new operators of websites and 
online services will require, on average, approximately 60 hours to 
draft a privacy policy and design mechanisms to provide the required 
online privacy notice and, where applicable, the direct notice to 
parents.\3\ This yields an estimated annual hours burden of 16,800 
hours (280 respondents x 60 hours).
---------------------------------------------------------------------------

    \1\ 78 FR 3972, 4005 (Jan. 17, 2013).
    \2\ This consists of certain traditional website operators, 
mobile app developers, plug-in developers, and advertising networks.
    \3\ See, e.g., 80 FR 76491 (Dec. 9, 2015); 84 FR 1466 (Feb. 4, 
2019).
---------------------------------------------------------------------------

II. Safe Harbor Applicant Reporting Requirements

    Operators can comply with the COPPA Rule by meeting the terms of

[[Page 79597]]

Commission approved self-regulatory program guidelines.\4\ While the 
submission of industry self-regulatory guidelines to the agency is 
voluntary, the COPPA Rule sets out the criteria for approval of 
guidelines and the materials that must be submitted as part of an 
application for approval of such self-regulatory guidelines. Based on 
industry input, FTC staff estimates that it would require, on average, 
265 hours per new safe harbor program applicant to prepare and submit 
its safe harbor proposal in accordance with Sec.  312.11(c) of the 
Rule, 16 CFR 312.11(c).\5\ Given that several safe harbor programs are 
already available to operators of websites and online services, FTC 
staff anticipates that no more than one additional safe harbor 
applicant is likely to submit a request within the next three years of 
PRA clearance. Thus, FTC staff estimates that annualized burden 
attributable to this requirement would be approximately 88 hours per 
year (265 hours / 3 years), which is rounded to 100 hours.
---------------------------------------------------------------------------

    \4\ See 16 CFR 312.11(c). Approved self-regulatory guidelines 
can be found on the FTC's website at https://www.ftc.gov/privacy/privacyinitiatives/childrens_shp.html.
    \5\ See 83 FR 49557 (Oct. 2, 2018). FTC staff believes that most 
of the records submitted with a safe harbor request would be those 
that these entities have kept in the ordinary course of business. 
Under 5 CFR 1320.3(b)(2), OMB excludes from the definition of PRA 
burden the time and financial resources needed to comply with 
agency-imposed recordkeeping, disclosure, or reporting requirements 
that customarily would be undertaken independently in the normal 
course of business.
---------------------------------------------------------------------------

III. Annual Audit and Report for Safe Harbor Programs

    The COPPA Rule requires safe harbor programs to audit their members 
at least annually and submit annual reports to the Commission on the 
aggregate results of these member audits. The burden for conducting 
member audits and preparing these reports likely varies by safe harbor 
program depending on the number of members. FTC staff estimates that 
conducting audits and preparing reports will require approximately 100 
hours per program per year. Aggregated for one new safe harbor (100 
hours) and six existing safe harbor (600 hours) programs, this amounts 
to an estimated cumulative reporting burden of 700 hours per year (7 
respondents x 100 hours).

IV. Safe Harbor Program Recordkeeping Requirements

    FTC staff understands that most of the records listed in the COPPA 
Rule's safe harbor recordkeeping provisions consist of documentation 
that covered entities retain in the ordinary course of business 
irrespective of the COPPA Rule. As noted above, OMB excludes from the 
definition of PRA burden, among other things, recordkeeping 
requirements that customarily would be undertaken independently in the 
normal course of business. In FTC staff's view, any incremental burden, 
such as that for maintaining the results of independent assessments 
under Sec.  312.11(d), would be marginal.
    B. Estimated Annual Labor Costs: $8,687,169.

I. New Entrant Operators' Disclosure Burden

    Consistent with its past estimates and based on its 2013 rulemaking 
record, FTC staff assumes that the time spent on compliance for new 
operators covered by the COPPA Rule would be apportioned five to one 
between legal (outside counsel lawyers or similar professionals) and 
technical (e.g., computer programmers, software developers, and 
information security analysts) personnel. FTC staff therefore estimates 
that outside counsel costs will account for 14,000 of the estimated 
16,800 hours required as estimated in Section A.I above. FTC staff 
anticipates that the workload among law firm partners and associates 
for assisting with COPPA compliance would be distributed among 
attorneys at varying levels of seniority. Assuming two-thirds of such 
work is done by junior associates at a rate of approximately $510 per 
hour, and one-third by senior partners at approximately $798 per hour, 
the weighted average of outside counsel costs would be approximately 
$606 per hour.\6\ FTC staff anticipates that computer programmers 
responsible for posting privacy policies and implementing direct 
notices and parental consent mechanisms would account for the remaining 
2,800 hours. FTC staff estimates an hourly wage of $56.03 for technical 
personnel, based on Bureau of Labor Statistics (``BLS'') data.\7\ 
Accordingly, associated annual labor costs would be $8,640,884 [(14,000 
hours x $606/hour) + (2,800 hours x $56.03/hour)] for the estimated 280 
new operators.
---------------------------------------------------------------------------

    \6\ These estimates are drawn from the ``Fitzpatrick Matrix.'' 
The Fitzpatrick Matrix was developed to provide a tool for the 
``reliable assessment of fees charged for complex [civil] federal 
litigation,'' in the District of Columbia, and has been adopted by, 
among others, the Civil Division of the United States Attorney's 
Office for the District of Columbia. See Fitzpatrick Matrix, Civil 
Division of the United States Attorney's Office for the District of 
Columbia, Fitzpatrick Matrix, 2013-2024 (quoting DL v. District of 
Columbia, 924 F.3d 585, 595 (D.C. Cir. 2019)), available at https://www.justice.gov/usao-dc/media/1353286/dl?inline. It is used here as 
a proxy for market rates for litigation counsel in the Washington, 
DC area. For 2024, the Fitzpatrick Matrix sets forth estimates 
ranging from $500 per hour for the most junior associates to $864 
per hour for the most senior partners. See id. For the purpose of 
this analysis, FTC staff determined the hourly rate for work 
performed by junior associates based on the average of the 2024 
hourly rates for junior associates with zero to one year of 
experience, and the hourly rate for work performed by senior 
partners based on the average of the 2024 hourly rates for senior 
partners with more than eleven years of experience.
    \7\ The estimated mean hourly wages for technical personnel 
($56.03) is based on an average of the mean hourly wage for computer 
programmers, software developers, information security analysts, and 
web developers as reported by the Bureau of Labor Statistics. See 
Bureau of Labor Statistics, Occupational Employment and Wages--May 
2023, Table 1 (May 2023), available at https://www.bls.gov/news.release/ocwage.t01.htm (National employment and wage data from 
the Occupational Employment Statistics survey by occupation) 
[hereinafter ``BLS Table 1''].
---------------------------------------------------------------------------

II. Safe Harbor Applicant Reporting Requirements

    Previously, industry sources have advised that all of the labor to 
comply with new safe harbor applicant requirements would be 
attributable to the efforts of in-house lawyers.\8\ To determine in-
house legal costs, FTC staff applied an approximate average between the 
BLS reported mean hourly wage for lawyers ($84.84),\9\ and estimated 
in-house hourly attorney rates ($300) that are likely to reflect the 
costs associated with some safe harbor applicant costs. This yields an 
approximate hourly rate of $193. Applying this hourly labor cost 
estimate to the hours burden associated with approval for a new safe 
harbor application yields an estimated annual labor cost burden of 
$19,300 (100 hours x $193).
---------------------------------------------------------------------------

    \8\ See 83 FR 49558 (Oct. 2, 2018).
    \9\ See BLS Table 1 (attorneys).
---------------------------------------------------------------------------

III. Annual Audit and Report for Safe Harbor Programs

    FTC staff assumes that compliance officers, at a mean hourly wage 
of $38.55, will prepare annual reports.\10\ Applying this hourly labor 
cost estimate to the hours burden associated with preparing annual 
audit reports yields an estimated annual labor cost burden of $26,985 
(700 hours x $38.55).
---------------------------------------------------------------------------

    \10\ See BLS Table 1 (compliance officers, $38.55).
---------------------------------------------------------------------------

IV. Safe Harbor Program Recordkeeping Requirements

    For the reasons stated in Section A.IV above, FTC staff anticipates 
that the labor costs associated with safe harbor program recordkeeping 
are de minimis.
    C. Estimated Annual Non-Labor Costs: $0.
    FTC staff understands that covered operators already have in place 
the computer equipment and software necessary to comply with the Rule's

[[Page 79598]]

notice requirements. Accordingly, the predominant costs incurred by 
operators are the aforementioned labor costs. Similarly, FTC staff 
anticipates that covered entities already have in place the means to 
retain and store the records that must be kept under the Rule's safe 
harbor recordkeeping provisions, because they are likely to retain such 
records independent of the Rule. Accordingly, FTC staff estimates that 
the capital and non-labor costs associated with Rule compliance are de 
minimis.

Request for Comment

    Pursuant to section 3506(c)(2)(A) of the PRA, the FTC invites 
comments on: (1) whether the disclosure and recordkeeping requirements 
are necessary, including whether the information will be practically 
useful; (2) the accuracy of our burden estimates, including whether the 
methodology and assumptions used are valid; (3) ways to enhance the 
quality, utility, and clarity of the information to be collected; and 
(4) ways to minimize the burden of the collection of information.
    For the FTC to consider a comment, we must receive it on or before 
November 29, 2024. Your comment, including your name and your state, 
will be placed on the public record of this proceeding, including the 
https://www.regulations.gov website.
    You can file a comment online or on paper. Due to heightened 
security screening, postal mail addressed to the Commission will be 
subject to delay. We encourage you to submit your comments online 
through the https://www.regulations.gov website.
    If you file your comment on paper, write ``COPPA Rule: Paperwork 
Comment, FTC File No. P155408'' on your comment and on the envelope, 
and mail it to the following address: Federal Trade Commission, Office 
of the Secretary, 600 Pennsylvania Avenue NW, Suite CC-5610 (Annex J), 
Washington, DC 20580.
    Because your comment will become publicly available at https://www.regulations.gov, you are solely responsible for making sure that 
your comment does not include any sensitive or confidential 
information. In particular, your comment should not include any 
sensitive personal information, such as your or anyone else's Social 
Security number; date of birth; driver's license number or other state 
identification number, or foreign country equivalent; passport number; 
financial account number; or credit or debit card number. You are also 
solely responsible for making sure that your comment does not include 
any sensitive health information, such as medical records or other 
individually identifiable health information. In addition, your comment 
should not include any ``trade secret or any commercial or financial 
information which . . . is privileged or confidential''--as provided by 
section 6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 
16 CFR 4.10(a)(2)--including, in particular, competitively sensitive 
information, such as costs, sales statistics, inventories, formulas, 
patterns, devices, manufacturing processes, or customer names.
    Comments containing material for which confidential treatment is 
requested must (1) be filed in paper form, (2) be clearly labeled 
``Confidential,'' and (3) comply with FTC Rule 4.9(c). In particular, 
the written request for confidential treatment that accompanies the 
comment must include the factual and legal basis for the request and 
must identify the specific portions of the comment to be withheld from 
the public record. See FTC Rule 4.9(c). Your comment will be kept 
confidential only if the General Counsel grants your request in 
accordance with the law and the public interest. Once your comment has 
been posted publicly at www.regulations.gov, we cannot redact or remove 
your comment unless you submit a confidentiality request that meets the 
requirements for such treatment under FTC Rule 4.9(c), and the General 
Counsel grants that request.
    The FTC Act and other laws that the Commission administers permit 
the collection of public comments to consider and use in this 
proceeding as appropriate. The Commission will consider all timely and 
responsive public comments that it receives on or before November 29, 
2024. For information on the Commission's privacy policy, including 
routine uses permitted by the Privacy Act, see https://www.ftc.gov/site-information/privacy-policy.

Josephine Liu,
Assistant General Counsel for Legal Counsel.
[FR Doc. 2024-22379 Filed 9-27-24; 8:45 am]
BILLING CODE 6750-01-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.