FTC unveils proposed COPPA changes for comment
The Children’s Online Privacy Protection Rule took effect more than a decade ago — a lifetime in tech years. That’s why the FTC asked for feedback on whether developments in the online world warranted changes to the Rule. Based on comments from businesses, advocacy groups, academics, and interested members of the public — and the proceedings of a public roundtable — the FTC just announced proposed revisions to COPPA and wants to hear what you have to say.
What’s the FTC suggesting? You’ll want to read the entire proposal, but here are some highlights:
Definitions. Way back at the turn of the century, nobody talked about behavioral advertising. Fast forward 11 years and the FTC wants to update COPPA’s definition of “personal information” to include certain types of persistent identifiers. How would that affect your business? You’d need parental consent to behaviorally advertise to a child. The FTC also suggests updating the definition to include geolocation information. Another proposed change: modifying the definition of “collection” as it affects kids’ participation in interactive communities.
Parental consent mechanisms. The FTC is suggesting updates to the ways businesses can get the verifiable parental consent they need before collecting kids’ information. Some of the new proposals: electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database, provided that Mom’s or Dad’s ID is deleted promptly after verification. The FTC also suggests eliminating the less reliable “e-mail plus” method, currently available to operators that collect personal information only for internal use.
Confidentiality and security. To help keep kids’ information secure, the FTC suggests that operators adopt procedures the agency has recommended in other contexts. For example, operators should make sure service providers and third parties to whom they disclose a child’s personal information have reasonable procedures in place to protect it. In addition, operators should hold on to information only as long as necessary and dispose of it securely after that.
Safe harbor programs. The FTC is proposing to beef up its oversight of self-regulatory safe harbor programs by requiring them to audit their members at least annually and report back on the results.
Interested in commenting on the FTC’s proposed changes to COPPA? File online by November 28, 2011.