Operators of websites that collect personal information from children should anticipate a revised set of regulations to navigate, and children (are you paying attention, children?) should anticipate a new set of regulatory speed bumps to slow their access to some parts of the Internet. On September 15, 2011, the Federal Trade Commission (FTC) proposed amendments to various aspects of the Children’s Online Privacy Protection Rule (the “Rule”), and is seeking public comments on its recommended revisions to the decade-old regulation. The Rule, promulgated pursuant to the Federal Children’s Online Privacy Protection Act (“COPPA”), was intended to curtail collection of personal information online from children under 13. The newly proposed iteration of the Rule aims not only to catch up with the ways in which technology — and its use by children — has evolved in the last decade, but also to anticipate future technological advances and their younger pool of users.
COPPA requires website operators or other online services that are either directed to children under 13 or that have actual knowledge that they are collecting personal information from children under 13 to obtain verifiable consent from parents before such information is collected, used or disclosed.
The proposed revisions to the Rule will, among other changes, expand the definition of “personal information” to include not only names, addresses, email addresses, phone numbers and other identifiers included in the current Rule, but also location information and certain types of cookies used for behavioral advertising. The methods by which pare
ntal consent is obtained — a topic of much debate and controversy in legal circles, and the subject of attempted forgeries by the under-13 crowd — also are being subject to review. The FTC proposes adding additional methods by which verifiable parental consent can be obtained, including scanned signed parental consent forms, consents obtained via video conferencing and use of government-issued IDs.
Additionally, the FTC wants operators to ensure that any third parties to whom operators disclose a child’s personal information, including outside service providers, have procedures in place to protect such information, including implementing reasonable measures to safeguard it against unauthorized access, retaining it on an as-needed basis and proper and prompt disposal.
Stay tuned for further updates on the evolution of the Rule to meet 21st century challenges. The FTC press release on this topic can be found by clicking here.