16 CFR Part 312, Children’s Online Privacy Protection Rule, Supplemental Notice of Proposed Rulemaking, Project No. P104503
To provide some background on my perspective, I'm a senior engineer and consultant in the technology field who specializes in application development, architecture, practices, and business intelligence. My client list includes government and military organizations and Fortune 500 companies. I am also the father of two young girls, under the age of 13. What concerns me about this law is that it is not entirely clear what constitutes the act of collecting information, and the conditions under which that activity actively or passively violates the law. Web server logs keep a record of the IP address from which any request for image or content was issued, map integration in an application may utilize geolocation data to provide localized results... the current generation of technology provides highly personalized features and functionality, and integrates very freely across the web. Some interpretations of this language can slam the brakes on many web-based APIs, mobile apps, and analysis tools, since this cuts at the heart of what enables many solution providers to strategize around usage of services, protect their networks, and provide the functionality that empowers the public with technology, yet it doesn't convincingly articulate what problem this additional regulation solves, how it will be effective in doing so, and why this is a reasonable balance. And while setting such a high, cumbersome hurdle for technology developers to vault, we're sort of ignoring the most effective means of preventing the dissemination of information over the internet. Much in the same way you will have more success plugging an oil spill at the pipeline, the solution is much closer to the keyboard. For similar reasons that I don't drop my children off in front of the liquor, tobacco, and XXX emporium to pass their idle time, I don't leave them unattended in front of a computer that's connected to the internet behind closed doors, and without a router white-list that indiscriminately restricts access to anything that I can't personally imagine that they will need to access for their education and entertainment. I think it's a small matter for parents to educate themselves on how to regulate their child's online activities. The resources being dumped into trying to sanitize the vast, acentric expanse of cyberspace (much of which lies outside of the jurisdiction of the FTC anyway) could be more effectively employed providing the minimal requisite tools and education to parents - who have already demonstrated the wherewithal to assemble several hundred dollars worth of hardware and wire to make that connection - in order that they learn how to effectively control access to it.