Skip to main content

FTC to Review Data Collection Requirements For Services Aimed at Kids Online

The Federal Trade Commission has launched a review of its
requirements for Web site operators aiming services at kids under 13 or
collecting data from them.

The FTC announced Wednesday (March 24) a review of its rules
implementing the Children's Online Privacy Protection Act (COPPA). The Bush FTC
reviewed the 2000 rule back in 2005 and decided it didn't need any updating.

But the current FTC "believes that changes to the
online environment over the past five years, including children's increasing
use of mobile technology to access the Internet, warrant reexamining the rule."

In a request for comment on the rule, the commission is
posing a series of questions that suggest it may see a need for updating for
the digital age. The FCC is currently undertaking a review of its rules on kids
TV and TV-related online content to identify any digital-age fixes that may be

"Children's media, privacy and consumer groups have
told the FTC they must ensure COPPA continues to safeguard privacy for those
under 13 years of age," says Jeff Chester of the Center for Digital
Democracy. "The agency must bring its regulations on COPPA up to date,
including specifically prohibiting the use of cookies and other techniques that
track, profile and target kids on children's commercial sites."

We have asked the FTC to address Project Canoe and other new
forms of TV based-data collection," he says, noting that the first
question the FTC raises is about the impact of gaming and interactive media.
"Protecting children's privacy online has enjoyed the support of both
parties. We expect that will continue, in Congress and the FTC.

Among the questions the FTC wants the public's help in

"What implications for COPPA enforcement are raised by
mobile communications, interactive television, interactive gaming, or other
similar interactive media?"

"Whether operators have the ability to contact specific
individuals using information collected from children online, such as
persistent IP addresses, mobile geolocation data, or information collected in
connection with behavioral advertising, and whether the Rule's definition of
"personal information" should be expanded accordingly.

"Whether there are additional technological methods to
obtain verifiable parental consent that should be added to the COPPA Rule, and
whether any of the methods currently included should be removed."

"Whether parents are exercising their right under the rule
to review or delete personal information collected from their children, and
what challenges operators face in authenticating parents."
"Whether the Rule's process for FTC approval of self-regulatory guidelines
- known as safe harbor programs - has enhanced compliance, and whether the
criteria for FTC approval and oversight of the guidelines should be modified in
any way."