In light of massive changes in data-collecting technology over the last decade, the Federal Trade Commission has proposed a list of new rules to further clarify what information is unacceptable for companies to collect from kids online. The new restrictions are an attempt to update a 1998 law known as the Children’s Online Privacy Protection Act (Coppa) — which went into effect in 2000, before sites like Facebook existed — requiring companies that operate on the Internet to obtain consent from parents before gathering personal information from children under age 13.
The most significant proposed changes to Coppa involve broadening the definitions of “personal information” and “operator” in the context of an online environment to cover newer web developments popular with children, such as chat rooms and video-sharing sites. In addition, the proposal extends liability to third-party companies gaining access to children through software plug-ins and embedded ad networks that operate within the larger framework of child-directed websites or apps.
“There are differences of opinion among advocacy experts of what constitutes personal information,” Mamie Kresses, senior attorney at the FTC’s Division of Advertising Practices, told Data Informed. The new rules are intended to eliminate some of that ambiguity, though Kresses said the commission’s main goal is to “keep children from registering personal information online without their parents’ permission.”
The FTC issued its proposal on Aug. 1, and is collecting comments until Sept. 10. While the new rules may require hard decisions for some companies about whether they want to provide services on a child-directed site in the first place, the news is not necessarily all bad for companies that rely on data collection.
“There’s no law that says you can’t market to children,” said Denise Tayloe, chief executive of Privacy Vaults Online, an Arlington, Va.-based firm that helps companies comply with Coppa. By eliminating some gray areas, Tayloe believes the new clarifications actually may help level the playing field for smaller web companies, which often can’t afford to attract children via TV or other mass media. “This is a chance to have a permission-based relationship while shaking mom’s hand at the same time.”
David Jacobs, consumer protection counsel at the Electronic Privacy Information Center, a nonprofit research center in Washington, D.C., said the new proposed rules, which won’t be up for approval until the fall, “are generally a positive development,” though he acknowledged “children could still lie about their age.” And while privacy advocates support the new restrictions, Jacobs said, “eventually they will be outdated, as well,” thanks to the rapid pace of technological innovation.
For some child-directed businesses, however, the new Coppa will be pretty much the same as the old Coppa—that is, a non-issue.
Nancy Friedman, co-founder of KidzVuz.com, a site that allows children to upload video reviews of toys, books and movies, said she and her business partner, Rebecca Levey, never considered collecting anything but parental consent and children’s first names from their members. The site counts brands like Heartstrings Clothing, Hex Bug and Parragon Books as sponsors.
“I don’t think we approached it as much as businesswomen than as moms,” she said. That’s why KidzVuz screens every video uploaded by its kid members for PII, personally identifiable information, a service its corporate sponsors appreciate. “My concern is that the new rules will create a greater digital divide [along economic lines],” said Friedman. “Not every parent has a credit card or a fax machine” to verify his or her identity. “The more complicated the rules get, the fewer parents are going to participate.”
Correction, August 6, 2012: The original version of this story misidentified which companies KidzVuz.com counts as sponsors. The story has been updated to reflect the website’s sponsors.