In a proposed amendment to rules that have been in effect since 2000, the Federal Trade Commission (FTC) has tabled revisions to the Children's Online Privacy Protection Act that "would require parental notification and consent prior to the collection of persistent identifiers where they are used for purposes such as amassing data on a child's online activities or behaviorally targeting advertising to the child". In describing the proposed changes (the proposed amendment runs to 122 pages), the FTC notes that these new rules would apply to any identifying or tracking technology (cookies) that would link a child's browsing behaviour across multiple web pages and services – ostensibly including advertising networks and metric/measurement/analytical service providers which routinely have access to such information.
Although a 'safe harbour' for compliance with self-regulatory programmes is included within the FTC's proposal, it did suggest that these programmes (and individual company compliance with these programmes) be more closely monitored and supervised – including mandatory audits every 18 months and reports detailing actions taken by the self-regulatory body against companies that do not comply. Clearly, one of the FTC's objectives is not only to ensure a mandatory review of compliance - even for those companies that have not been subject to proceedings - but also to create a record-keeping and reporting system that gives the FTC the ability to obtain detailed information about the proceedings and the compliance efforts of individual companies.
Comments, which are due by November 28 2011, may be filed with the FTC using its the Children's Online Privacy Protection Act Rule Review Form.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.