Under the changes to the law, known as COPPA, information about children that cannot be collected unless a parent first gives permission now includes the location data that a cell phone generates, as well as photos, videos, and audio files containing a human image or voice.
The Congressional Bipartisan Privacy Caucus commended the FTC for writing the new rules. “Keeping kids safe on the internet is as important as ensuring their safety in schools, in homes, in cars,” caucus co-chairman Rep. Edward Markey, D-Mass., said at a Capitol Hill news conference.
Data known as “persistent identifiers,” which allow a person to be tracked over time and across websites, are also considered personal data and covered by the rules, the agency said. But parental consent is not required when a website operator collects this information solely to support its internal operations, which can include advertising, site analysis, and network communications.
The rules offer several new methods for verifying a parent’s consent, including electronically scanned consent forms, video conferencing, and eMail.
The FTC sought to achieve a balance between protecting kids and spurring innovation in the technology industry, said Jon Leibowitz, the agency’s chairman.
The final rules expand the definition of a website or online service directed at children to include plug-ins and advertising networks that collect personal information from kids. But the rules were also tightened in a way favorable to some internet heavyweights, Google and Apple. Their online app stores, which dominate the marketplace for mobile applications, won’t be held liable for violations because they “merely offer the public access to child-directed apps,” the FTC said.
Google and Apple had warned that if the rule were written to include their stores, they would jettison many apps specifically intended for kids. They said that would hurt the nation’s classrooms, where new, educational apps are used by teachers and students.
A Washington, D.C., trade group that represents independent apps developers criticized the agency for addressing the concerns of large businesses while doing too little for the startups that make educational apps parents and teachers want. The FTC’s belief that the apps industry will figure out how to thrive under the new rules is akin to jumping off a cliff, then building a parachute, said Morgan Reed, executive director of the Association for Competitive Technology.
“While that may work for big companies, small companies lack the silk and line to build that parachute before they hit the ground,” Reed said.
Companies are not excluded from advertising on websites directed at children, allowing business models that rely on advertising to continue, Leibowitz said. But behavioral marketing techniques that target children are prohibited unless a parent agrees. “You may not track children to build massive profiles,” he said.
The agency included in the rules new methods for securing verifiable consent after the software industry and internet companies raised concerns over how to confirm that the permission actually came from a parent. Electronic scans of signed consent forms are acceptable, as is video teleconferencing between the website operator or online service and the parent, according to the agency.
The FTC also said it is encouraging technology companies to recommend additional verification methods. Leibowitz said he expects this will “unleash innovation around consent mechanisms.”
eMailed consent is also acceptable, as long as the business confirms it by sending an eMail back to the parent or calling or sending a letter. In cases of eMail confirmation, the information collected can only be used for internal use by that company and not shared with third parties, the agency said.
The FTC’s investigation of app developers came after the agency examined 400 kids’ apps that it purchased from Apple’s iTunes store and Google’s apps store, Google Play. It determined that 60 percent of them transmitted the user’s unique device identification to the software maker or, more frequently, to advertising networks and companies that compile, analyze, and sell consumer information for marketing campaigns.
- ‘Buyer’s remorse’ dogging Common Core rollout - October 30, 2014
- Calif. law targets social media monitoring of students - October 2, 2014
- Elementary world language instruction - September 25, 2014