16 CFR Part 312; Children’s Online Privacy Protection Rule Review; Project No. P104503
The minor revisions to 16 CFR § 312.8 leave this provision vague and open to broad interpretation. It offers website operators little guidance on specific steps or minimum standards they should take to protect and reasonably ensure the confidentiality, security, and integrity of personal information collected from children under 13. The Commission should offer website operators more specific direction. Any revisions to § 312.8 should also require commercial website operators to notify parents whenever the confidentiality, security, and integrity of personal information about child users is compromised. The revisions to 16 CFR § 312.4 do little to improve the way website operators inform parents on how personal information about their children will be used online. Notices generally remain long, vague, and difficult to understand. The Commission should take this opportunity to simplify parental notices. Overall, the enhancements to the COPPA Rule are a step in the right direction. But much remains to be done. A more appropriate model would require general audience website operators that appeal to a younger age group to make reasonable and diligent efforts to determine if a child is registering or posting personal information online, taking into consideration available technology.