FTC Adopts Children’s Online Privacy Protection Rule
The FTC announced today that they have adopted final amendments in the Children’s Online Privacy Protection Rule. The rule was modified in response to growing privacy concerns involving children online. The revision of the COPPA Rule is intended to ensure that the rules evolve along with technological progression.
The main concern addressed was a growing trend of data collection included in applications and on websites that children are likely to frequent. In the new revision the FCC has adopted eight final amendments to the existing rule.
The new rules will do the following:
Modify the list of personal information that is not to be collected by websites and applications, without parental consent. The list now includes geographical information, pictures, and video.
Offer companies a streamlined process to gain parental consent.
Close a loophole that previously allowed third-party data collection, without parental consent, through the installation of a plug-ins.
Extend rules to include third-party data collection in the COPPA rule.
Limit data collection and identification using ip addresses and mobile device IDs.
Compel internet service providers and website owners to make a reasonable effort to see that information collected from children is kept secure and confidential.
Compel website operators to adopt reasonable and secure means of record retention and deletion.
Strengthen the FTC’s oversight of self-regulatory safe harbor programs.
The announcement closed with this statement concerning the adoption of the Children’s Online Privacy Protection Rule revision:
“The Commission vote to issue the amended Final Rule was 3-1-1, with Commissioner J. Thomas Rosch abstaining. Commissioner Maureen Ohlhausen voted no and issued a dissenting statement on the ground that she believes a core provision of the amendments exceeds the scope of the authority granted by Congress in COPPA. She stated that, regardless of policy justifications, she cannot support extending COPPA’s statutory definition of “operator” to impose obligations on websites or online services that do not collect personal information from children or have access to or control of such information collected by a third-party.”
The amendments, effective July 1, 2013, will be published by notice in the Federal Register.