The Federal Trade Commission (FTC) has proposed amendments to an existing law aimed at restricting the ability of websites to collect, disclose, and monetize children’s personal information.
Under the current Children’s Online Privacy Protection Act (COPPA), website operators are required to obtain verifiable parental consent before collecting personal data from children under 13 years old.
The COPPA rule also limits the personal data that websites and other online services can collect from children, restricts how long they can retain such data, and requires them to secure the data.
In a statement on Dec. 20, FTC chair Lina Khan said that children should be able to play and learn online “without being endlessly tracked by companies looking to hoard and monetize their personal data.”
“The proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life—and where firms are deploying increasingly sophisticated digital tools to surveil children,” Ms. Khan said.
“By requiring firms to better safeguard kids’ data, our proposal places affirmative obligations on service providers and prohibits them from outsourcing their responsibilities to parents,” she added.
The proposed changes would require operators to get “separate verifiable parental consent” before disclosing children’s personal data to third parties unless the disclosure is “integral” to the nature of the website.
The FTC also proposed prohibiting operators from using online “persistent identifiers” to boost user engagement with the website, such as through sending push notifications, without getting parental consent.
“If operators claim this exception in the future, the FTC wants them to provide an online notice explaining the specific operations for which they’re collecting those identifiers and how they will ensure identifiers aren’t used to contact specific people, including through targeted advertising,” it stated.
In addition, operators would be prohibited from utilizing specific COPPA exceptions to send push notifications aimed at encouraging children to increase their usage of the website or online services.
The FTC also suggested allowing operators to retain children’s personal information “only for as long as necessary to fulfill the purpose for which it was collected.” Operators would be prohibited from using retained information for secondary purposes.
Operators will need to create a written children’s personal information security program and implement it, including safeguards appropriate to the sensitivity of the information collected from kids.
“The public will have 60 days to submit a comment on the proposed changes to the COPPA Rule after the notice is published in the Federal Register,” the FTC stated.
Urgently Needed Online Safeguards
Katharina Kopp, director of policy at the nonprofit Center for Digital Democracy, said the FTC’s proposed new rules provide “urgently needed” online safeguards.
“These rules will also protect young people from being targeted through the increasing use of AI, which now further fuels data collection efforts. Young people 12 and under deserve a digital environment that is designed to be safer for them and that fosters their health and well-being.
“With this proposal, we should soon see less online manipulation, purposeful addictive design, and fewer discriminatory marketing practices,” Ms. Kopp said in a statement.
Haley Hinkle, policy counsel at the nonprofit organization Fairplay, urged people to support the proposed new rules, especially if they believe that children should be able to play online without being tracked.
“With this critical rule update, the FTC has further delineated what companies must do to minimize data collection and retention and ensure they are not profiting off of children’s information at the expense of their privacy and well-being,” Ms. Hinkle said.
Ms. Hinkle said the FTC’s recent COPPA enforcement actions against Epic Games, Amazon, Microsoft, and Meta demonstrated that “Big Tech does not have carte blanche with kids’ data.”
Earlier in May, the FTC alleged that Meta had failed to comply with a 2020 privacy order and proposed expanding its scope to prohibit the company from monetizing the data of children and teens. On Nov. 27, a Washington federal court ruled that FTC could move ahead with modifying the order.
In response, the company filed a lawsuit at the same court on Nov. 29, asking it to “permanently” prohibit such FTC proceedings. Meta also called the FTC’s proposed expansion of the 2020 privacy order a “political stunt.”
Naveen Athrappully contributed to this report.
Friends Read Free
Copy
Facebook
Tweet
