16 CFR Part 312, Children’s Online Privacy Protection Rule, Supplemental Notice of Proposed Rulemaking, Project No. P104503
The expansion of the definition of "Web site or online service directed to children" to include an online service that "knows or has reason to know that it is collecting personal information through any Web site or online service covered under paragraphs (a)-(c)" in unacceptably vague and imposes an undue burden on service providers who may have great difficulty preventing their use by such sites or services. For example, would a single e-mail indicating that a Web site directed to children had started using an online service impose COPPA enforcement requirements on the service provider? Further, if the use of the online service is not authorized for the web site directed to children, as in a case where the online service's Terms of Service forbid its use by web sites directed to children, would such an unauthorized use still subject the online service provider to the COPPA enforcement requirements? If so, can the Commission propose any practical mechanism by which the online service provider can prevent such unauthorized uses without substantially interfering with authorized uses and users?