FTC unveils proposed COPPA changes for comment

The Children’s Online Privacy Protection Rule took effect more than a decade ago — a lifetime in tech years. That’s why the FTC asked for feedback on whether developments in the online world warranted changes to the Rule. Based on comments from businesses, advocacy groups, academics, and interested members of the public — and the proceedings of a public roundtable — the FTC just announced proposed revisions to COPPA and wants to hear what you have to say.

What’s the FTC suggesting? You’ll want to read the entire proposal, but here are some highlights:

Definitions.  Way back at the turn of the century, nobody talked about behavioral advertising.  Fast forward 11 years and the FTC wants to update COPPA’s definition of “personal information” to include certain types of persistent identifiers. How would that affect your business?  You’d need parental consent to behaviorally advertise to a child. The FTC also suggests updating the definition to include geolocation information.  Another proposed change: modifying the definition of “collection” as it affects kids’ participation in interactive communities.

Parental notice.  Under COPPA, website operators need to give parents notice of their information practices. The proposed revisions are intended to ensure parents will get key info in a succinct “just in time” fashion, and not in a lengthy “who has time?” privacy policy.

Parental consent mechanisms.  The FTC is suggesting updates to the ways businesses can get the verifiable parental consent they need before collecting kids’ information.  Some of the new proposals: electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database, provided that Mom’s or Dad’s ID is deleted promptly after verification.  The FTC also suggests eliminating the less reliable “e-mail plus” method, currently available to operators that collect personal information only for internal use.

Confidentiality and security.  To help keep kids’ information secure, the FTC suggests that operators adopt procedures the agency has recommended in other contexts.  For example, operators should make sure service providers and third parties to whom they disclose a child’s personal information have reasonable procedures in place to protect it.  In addition, operators should hold on to information only as long as necessary and dispose of it securely after that.

Safe harbor programs.  The FTC is proposing to beef up its oversight of self-regulatory safe harbor programs by requiring them to audit their members at least annually and report back on the results.

Interested in commenting on the FTC’s proposed changes to COPPA? File online by November 28, 2011.


| Comment Policy

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.