FTC Testifies on Protecting Children Online in a Fast-Changing Marketplace, and Proposed Changes to COPPA Rule

The Federal Trade Commission today told a House Subcommittee that it is committed to protecting children online, and that the agency recently proposed changes to the Children’s Online Privacy Protection Rule (COPPA Rule) to make sure the Rule keeps pace with fast-changing technology.

Delivering testimony on behalf of the FTC, the agency’s Associate Director for Advertising Practices, Mary K. Engle, told the House Committee on Energy and Commerce, Subcommittee on Commerce, Manufacturing and Trade, that the FTC has actively promoted adherence to the COPPA Rule through enforcement actions and by educating businesses and consumers. The modifications to the Rule proposed by the FTC last month are designed to make sure that the Rule continues to be effective even as evolving technology is changing the way children access and use the Internet, the testimony states. The proposed changes also are intended to help operators with compliance, strengthen protections over children’s data, and provide greater oversight of COPPA safe harbor programs.

The Children’s Online Privacy Protection Act of 1998 (COPPA) requires operators of websites or online services directed to children under 13, and those with actual knowledge that they are collecting personal information from children under 13, to obtain verifiable consent from parents before collecting, using, or disclosing such information from children. The FTC’s Rule implementing the COPPA statute became effective in 2000.

“The Commission takes seriously the challenge to ensure that COPPA continues to meet its originally stated goals, even as children’s interactive media use moves and changes at warp speed,” the testimony states.

According to the testimony, during the last 11 years, the FTC has brought 17 COPPA enforcement actions to ensure that companies comply with the law. During the last five years, the agency has focused particularly on operators who are using social media and mobile applications to market products to children. In addition, the FTC has reached out to operators with business education materials designed to help them comply with COPPA. The agency also promotes consumer education material, such as the agency’s online safety portal, OnGuardOnline.gov, and a guide for parents called Net Cetera: Chatting with Kids About Being Online.

The COPPA Rule and all of the FTC’s other rules and guides are reviewed on a rotating basis to make sure they are up-to-date, effective, and not overly burdensome, the testimony states. In light of rapidly evolving technology, last year the FTC initiated a review of the COPPA Rule on an accelerated schedule and asked for public comments on the Rule.

The testimony states that, after extensive consideration of public input on the Rule, and taking into account the expertise the agency has gained in enforcing and administering COPPA, the FTC has proposed several changes to the COPPA Rule:

• The FTC proposes updating the definition of “personal information” to include geolocation information and certain types of persistent identifiers, such as tracking cookies, used for functions other than the site’s or service’s internal operations. In addition, the Commission proposes modifying the definition of “collection” to allow children to participate in interactive communities without parental consent so long as the operators take reasonable measures to delete all or virtually all children’s personal information before it is made public.
• The proposed amendments would streamline and clarify the direct notice that operators must give parents before collecting children’s personal information.
• The proposed changes would add new methods to obtain verifiable parental consent, including electronic scans of signed parental consent forms, video-conferencing, and the use of government-issued identification checked against a database.
• The FTC proposes eliminating the “email plus” method of parental consent, which currently allows operators that collect personal information for internal uses only to obtain consent through an email to the parent, coupled with an additional confirmation step.
• The Commission also proposes strengthening the Rule’s data security provisions by requiring operators to ensure that service providers and third parties to whom they disclose a child’s personal information have in place procedures to protect such information; that operators retain children’s personal information for only as long as is reasonably necessary; and that they use proper measures to delete such information.
• Finally, the FTC proposes to strengthen its oversight of the self-regulatory “COPPA safe harbor programs” by requiring these programs to audit their members at least annually and report periodically to the Commission the results of those audits.

The FTC is accepting public comments on these proposed changes until November 28, 2011, and expects to hear from a variety of stakeholders before finalizing any changes to the COPPA Rule.

The Commission vote to approve the testimony was 5-0.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call
1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook and follow us on Twitter.