FTC seeks comments on amendments to Children's Online Privacy Protection Act


Back to the overview
On 15 September, the US Federal Trade Commission (FTC) proposed revisions to the 2000 Children's Online Privacy Protection Act (COPPA).

Discarding calls for an increase in its age threshold, the new rules would maintain the application of COPPA to children under 13. The amendments suggested by the FTC would however tighten requirements covering the collection and storage of personal information by websites and would strengthen the rules for requesting and obtaining parental consent.

In light of rapid technological developments since the introduction of COPPA in 2000, and the growing use of digital media by children, especially of mobile devices, social networking sites and online gaming platforms, FTC announced in April 2010 its wish to see the rules updated.

Following a public consultation and a public roundtable, the FTC put forward the following proposals:

• All digital media, including mobile applications, gaming platforms, location-based services, and coupon texting services would be subject to COPPA if directed to children or if the provider has actual knowledge it is dealing with a child;

• The definition of “personal information” would include geolocation information, photos, videos or audio files containing a child's image or voice as well as tracking cookies and other identifiers used for behavioural advertising;

• Parental consent collection and verification would be reinforced by establishing a voluntary 180-day notice and comment process under which parties could seek FTC approval of a particular consent mechanism. The widely-used "e-mail plus" method to obtain parental consent would be deleted;

• Parental notices would include contact information for all operators interacting with the child on a single website or online service, who would make reasonable efforts to directly notify parents of any material change in the collection, use or disclosure of information to which the parent previously consented;

• Confidentiality and security requirements would be reinforced by requiring web sites that collect a child's information to ensure that they can protect it against unauthorised access and to delete it when it is no longer reasonably necessary;

• The oversight of self-regulatory “safe harbor programs” would be strengthened by requiring an annual audit of their members and the submission of periodical reports to the Commission.

“We look forward to the continuing thoughtful input from industry, children's advocates, and other stakeholders as we work to update the Rule”, FTC Chairman Jon Leibowitz said.

Comments must be filed online by 28 November 2011. FTC's final recommendations are expected in the coming months.

The news has been widely reported on in the press, including stories in the LA Times, NYT, WSJ, Wired, Consumer Reports, Cnet and Washington Post (blog).

For more information please contact Will Gilroy w.gilroy@wfanet.org

Sign up to monthly WFA news