FTC Proposes New Rules On Child Data Collection

Federal Trade Commission wants to regulate many more types of personal information for websites, mobile games, and online services that knowingly interact with children under the age of 13.

The Federal Trade Commission is proposing new privacy rules that would change how websites and online services that interact with children can collect, store, or share much of the personal information they gather on minors.
On Thursday, the FTC released
proposed amendments
to the Childrens Online Privacy Protection Act (COPPA). According to the agency, the updates are meant to respond to changes in online technology, including in the mobile marketplace.
Specifically, the FTCs proposals--open for public comment until Nov. 28--seek to update rules for how businesses that collect childrens information notify others, obtain parental consent, as well as keep collected data secure and confidential. It would also update self-regulatory safe harbor provisions by requiring members of such programs to undergo an annual audit and report the results to the FTC. Finally, it would expand COPPA to cover not just websites, but also online services such as mobile applications and even some types of text messaging services.
The COPPA Rule, as its officially known, was written in 1998 and went into effect in 2000, and regulates how websites and online service providers can interact with children under the age of 13. Notably, the rule requires parental consent before collecting, using, or disclosing any information on children under the age of 13, and stipulates that only the
minimum necessary personal information
can be gathered.
The FTC last looked at updating COPPA in 2005, but made no changes. The regulations werent due to be reexamined for 10 years, but due to the rapid-fire pace of change ... including an explosion in childrens use of mobile devices, the proliferation of online social networking and interactive gaming since 2005, the FTC began reexamining COPPA in April 2010.
[Software that tracks laptop computers is another concern. Learn more
here
.]
The COPPA amendments aim to regulate many more types of personal data. One of the most significant proposed changes to the COPPA Rule is to the definition of personal information. The definition of personal information is important as the COPPA Rule only applies to operators whose websites or online service are directed to children or who have actual knowledge that they are collecting personal information from a child under the age of thirteen, said Eric Bukstein, an attorney at Hogan Lovells, in a
blog post
. Such personal information would include not just names and addresses, but
geolocation data
(that can be resolved to street and city name), screen and user names (if such information is shared with others by the data collector),
persistent identifiers
, as well as photographs, audio, or video of the child.
The FTC is also proposing a just-in-time notice that clearly communicates key information, rather than allowing businesses to refer to a privacy policy. That squares with recent
public statements
made by the FTC, criticizing the overly legalistic and hard-to-decode privacy policies that most websites currently employ.
In addition, the FTC has proposed changing how websites obtain the verifiable parental consent required by COPPA. New techniques to be allowed would include electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database, provided that the parents ID is deleted promptly after verification is done, said the FTC. Businesses that only use collected information internally could also verify identities via email. The FTC is also proposing to have a voluntary 180-day program for any businesses that want to suggest other verification techniques, and have the FTC accept or deny them.
In short, the changes would make many more businesses subject to COPPA, over which the FTC has recently been keeping a much closer eye. Notably, it fined mobile application developer
W3 Innovations
last month for COPPA violations.
That settlement, coupled with the FTCs express recognition of the need for rule changes to address new technologies and services, suggests that the FTC will likely enforce the COPPA Rule much more broadly than it has in the past, said Bukstein. This means that any media that is targeted at children under the age of thirteen will have to analyze whether it can be considered an online service and take appropriate steps to comply with COPPA if necessary. Notably, any company that collects childrens data and serves them advertising will first have to obtain parental consent to do so.
Industry associations and privacy rights groups have begun commenting on the proposed COPAA changes. In particular, the Direct Marketing Association (DMA) has criticized the FTCs push for more stringent forms of parental consent. In the report, the FTC recommends doing away with the existing sliding scale approach to parental consent, in which the required method of consent varies based on how the operator uses a childs personal information, the DMA said in a
statement
. DMA believes that this approach has proven to be a sound means for protecting children online and supports retaining a system that strikes the right balance between providing parents with control and not inhibiting childrens beneficial Internet experiences.
Meanwhile, the Center for Democracy and Technology (CDT), has raised concerns over using government-issued identification to verify childrens identity. This method only proves that the operator has received someones ID; it cannot verify that the person on the ID is a parent of the minor, said the CDT.
Join us for GovCloud 2011, a day-long event where IT professionals in federal, state, and local government will develop a deeper understanding of cloud options.
Register now
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
FTC Proposes New Rules On Child Data Collection