Possible changes to the Children’s Online Privacy Protection Act (COPPA) are on the horizon as the Federal Trade Commission (FTC) has proposed updating the law to reflect how technology has changed web browsing and communication, and the agency is seeking comments on those proposed changes.
Under COPPA’s online privacy rules, operators of websites or online services aimed at children under the age of 13, or others who have actual knowledge that they are collecting personal information from children under 13, must obtain parental permission before collecting, using, or disclosing such information from children.
The online privacy law went under review but remained unchanged in 2005. But in light of rapidly evolving technology and changes in the way children use and access the internet, the FTC has initiated another review to update several definitions and components of the law.
“In this era of rapid technological change, kids are often tech-savvy but judgment-poor. We want to ensure that the COPPA Rule is effective in helping parents protect their children online, without unnecessarily burdening online businesses,” said FTC Chairman Jon Leibowitz. “We look forward to the continuing thoughtful input from industry, children’s advocates, and other stakeholders as we work to update the rule.”
Five proposed online privacy changes
Definitions: COPPA requires covered operators to obtain parental consent before collecting personal information from children. The FTC proposes updating the definition of “personal information” to include “geolocation” information and certain types of persistent identifiers used for functions other than the website’s internal operations, such as tracking cookies used for behavioral advertising. In addition, the agency proposes modifying the definition of “collection” so operators may allow children to participate in interactive communities, without parental consent, as long as the operators take reasonable measures to delete all or virtually all children’s personal information before it is made public.
Parental Notice: The amendments would streamline and clarify the direct notice that operators must give parents before collecting children’s personal information. The proposed revisions will ensure that parents receive key information in a succinct “just-in-time” notice, and not just in a privacy policy.
Parental Consent Mechanisms: The FTC also proposes adding new ways to collect verifiable parental consent, including electronic scans of signed parental consent forms, video conferencing, and checking government-issued identification against a database, as long as the parent’s ID is deleted promptly after verification. The amendment also would eliminate a less-reliable method of parental consent, known as “eMail plus.”
Confidentiality and Security Requirements: To better protect children’s personal information, the FTC would strengthen COPPA’s current confidentiality and security requirements by adding a requirement that operators ensure that any service providers or third parties to whom they disclose a child’s personal information have in place reasonable procedures to protect it, that operators retain the information only for as long as is “reasonably necessary,” and that they properly delete that information by taking reasonable measures to protect against unauthorized access to, or use in connection with, its disposal.
Safe Harbor: The FTC proposes to strengthen its oversight of self-regulatory “safe harbor programs” by requiring them to audit their members at least annually and report the results of those audits.
“The FTC is doing a consummate job in proposing new provisions in response to the changing nature of the technology, as well as working to educate parents on protecting their children’s privacy,” said Stephen Balkam, CEO of the Family Online Safety Institute, in testimony during the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade Hearing.
Balkam said that, should Congress take additional steps to ensure children’s online privacy, lawmakers could “increase funding for internet safety and privacy education in schools, as well as for research into children’s online behaviors and attitudes.”
“Kids today are becoming more tech-savvy at a younger and younger age,” said Subcommittee Chair Rep. Mary Bono Mack, R-Calif. “But that exposure to exciting, new, sophisticated devices and countless websites located around the world doesn’t necessarily mean that they are going to have any better judgment or make them any more aware of what dangers might lurk online.”
Bono Mack said the FTC, as well as parents, must continue to make sure children’s privacy is protected even as technology changes.
Some have suggested that COPPA’s age threshold should be increased to include children older than 13, while others have pushed back, saying that such changes would place undue limitations on older students’ ability to harness the power of the internet for learning and innovating.
“While some privacy advocates would like to raise the COPPA age threshold because of an increasing use of social networking sites by teenagers, such as Facebook, Twitter, and Google Plus, I believe the FTC showed common-sense restraint in taking a go-slow approach,” Bono Mack said. “The last thing we want to do is to inhibit technological advances and stifle growth of the internet by moving forward in a new policy area without a really good, smart game plan in place. I look forward to having this particular debate in the months ahead as we continue our broader hearings on privacy.”
Balkam agreed with Bono Mack’s age threshold assessment, noting that his organization “is pleased to see that the FTC has determined that 13 remains the appropriate age. … Research released this year found that there were increasing numbers of children under 13 accessing social networks, against their terms of use. Changes to the statutory definition could lead to a substantial increase in children lying about their age, and thus negate protections afforded to younger children through COPPA and specific website protections for minors.”
Those interested in commenting on the changes should write “COPPA Rule Review, 16 CFR Part 312, Project No. P-104503” on comments, and file comments online at https://ftcpublic.commentworks.com/ftc/2011copparulereview. Comments are accepted until Nov. 28.
- Friday 5: Universal Design for Learning - April 19, 2024
- Educators love their edtech, but want more training - April 18, 2024
- Friday 5: College and career readiness - April 12, 2024
