COPPA: A second helping

Share This Page

The FTC asked for your input and you chimed in with 350 comments about the future of the Children’s Online Privacy Protection Rule.  Based on what you said — and what we’ve learned through law enforcement — we’re back, asking for your help in thinking through modifications to certain definitions to clarify the scope of the Rule and strengthen its protections.

What’s under consideration in this supplemental request for public comment?  We’re looking at possible changes to the definitions of “operator” and “website or online service directed to children” that would clarify the responsibilities under COPPA when third parties — like ad networks or plug-ins — collect personal information from users through child-directed websites or services.  The proposed change would make clear that an operator that chooses to integrate the services of third parties that collect personal information from visitors would itself be considered a covered “operator” under the Rule.

What else is being discussed?  Under the proposal, an ad network or plug-in would be covered by COPPA when it knows or has reason to know that it’s collecting personal information through a child-directed site or service.

Another proposal would allow websites with mixed audiences to age-screen visitors to provide COPPA’s protections only to those under 13.  However, the proposal makes it clear that kid-directed sites or services that knowingly target under-13s as their primary audience or whose overall content is likely to attract kids under that age couldn’t use that method.

The FTC is also asking for feedback about a suggested change to the definition of “personal information” to make is clear that a persistent identifier falls within that definition if it can be used to recognize a user over time or across different sites or services.  In connection with that,  the FTC is thinking about modifying the Rule’s definition of “support for internal operations” to state explicitly that activities like site maintenance and analysis, use of persistent identifiers for authenticating users, maintaining user preferences, serving contextual ads, and protecting against fraud and theft won’t be considered the collection of “personal information” as long what’s collected isn’t used or disclosed to contact a specific individual, including through the use of behaviorally-targeted advertising.

But don’t take our word for it.  It’s important to read the details of the proposal and file your comments by September 10, 2012.  Save a step by filing online.



You can't even protect and enforce the privacy of the adult consumers of this nation... why should we think our children's privacy would be any safer? You will do what you have always done, waste money on media/press releases that make the same tired promises with NO FOLLOW THROUGH! I for one, am so tired of your WORDS and PROMISES... try a little ACTION in the future.
This is important stuff. The most recent generations have grown up with the internet always being there. Since the original rule, the availability of the internet to kids has exploded. Its difficult to keep up with the rapid changes - but its very important to give our kids protection. Every company I have met with that has youth-enjoyed ecommerce in America is aware of COPPA. This is a good thing.

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.