FTC unveils proposed COPPA changes for comment

The Children’s Online Privacy Protection Rule took effect more than a decade ago — a lifetime in tech years. That’s why the FTC asked for feedback on whether developments in the online world warranted changes to the Rule. Based on comments from businesses, advocacy groups, academics, and interested members of the public — and the proceedings of a public roundtable — the FTC just announced proposed revisions to COPPA and wants to hear what you have to say.

What’s the FTC suggesting? You’ll want to read the entire proposal, but here are some highlights:

Definitions.  Way back at the turn of the century, nobody talked about behavioral advertising.  Fast forward 11 years and the FTC wants to update COPPA’s definition of “personal information” to include certain types of persistent identifiers. How would that affect your business?  You’d need parental consent to behaviorally advertise to a child. The FTC also suggests updating the definition to include geolocation information.  Another proposed change: modifying the definition of “collection” as it affects kids’ participation in interactive communities.

Parental notice.  Under COPPA, website operators need to give parents notice of their information practices. The proposed revisions are intended to ensure parents will get key info in a succinct “just in time” fashion, and not in a lengthy “who has time?” privacy policy.

Parental consent mechanisms.  The FTC is suggesting updates to the ways businesses can get the verifiable parental consent they need before collecting kids’ information.  Some of the new proposals: electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database, provided that Mom’s or Dad’s ID is deleted promptly after verification.  The FTC also suggests eliminating the less reliable “e-mail plus” method, currently available to operators that collect personal information only for internal use.

Confidentiality and security.  To help keep kids’ information secure, the FTC suggests that operators adopt procedures the agency has recommended in other contexts.  For example, operators should make sure service providers and third parties to whom they disclose a child’s personal information have reasonable procedures in place to protect it.  In addition, operators should hold on to information only as long as necessary and dispose of it securely after that.

Safe harbor programs.  The FTC is proposing to beef up its oversight of self-regulatory safe harbor programs by requiring them to audit their members at least annually and report back on the results.

Interested in commenting on the FTC’s proposed changes to COPPA? File online by November 28, 2011.

Add new comment

Comment Policy

Please enter a username. Don't use your email address.
Image CAPTCHA
Enter the characters shown in the image.

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.