FTC’s proposed updates for COPPA

By Anne Collier

The US Federal Trade Commission has just announced its proposed changes for the 10-year-old Children’s Online Privacy Protection Act, the law that inadvertently created the social Web’s “minimum age” of 13 (in its effort to define an age when all children are developmentally able to protect their own privacy).

Because COPPA requires children’s sites and services to obtain parental consent before collecting kids’ personal information, the revisions address changes in definitions and technology over the past decade. “Personal information” now includes kids’ physical location (that for example uses cellphones’ geolocation technology) and “certain types of persistent identifiers … such as tracking cookies used for behavioral advertising,” the FTC says in its press release. “Parental consent” would be obtained in ways consistent with tech advances, possibly including “electronic scans of signed parental consent forms, video-conferencing, and use of government-issued identification checked against a database,” the FTC says. The proposed changes also respond to the advent of social media (social network sites, virtual worlds, online games, apps, etc.) in that sites can “allow children to participate in interactive communities without parental consent so long as the operators take reasonable measures to delete all or virtually all children’s personal information before it is made public,” and companies will also have to hold third parties such as app providers to the same privacy standards their services are held to. Do see the FTC’s press release for details on what it’s proposing.

Consider impact on kids’ options, free speech

It’s one thing to keep laws in sync with tech development – that’s important. It’s another to increase regulation of tech services. I urge parents not to take calls for greater regulation of children’s tech providers reflexively as 100% good. Especially where social technology and media are concerned (technology that plays host to human communication, behavior, and creativity), regulation is a two-edged sword. While aiming to protect, it can also have a chilling effect on innovation and free speech – in this case, product development and options for children. There is no question innovation and free speech can allow for harm, but free societies protect them because they fuel individual and collective learning, creativity, and productivity for citizens of all ages. If the cost of COPPA compliance becomes too high for children’s startups and small businesses, children will have fewer options for fun and learning in digital media. This deserves careful consideration.

In its coverage of the COPPA changes, the New York Times quotes a legal scholar as saying they won’t materially affect Internet companies because many avoid serving children under 13 anyway because of the cost of COPPA compliance even now. I’ve seen that too. So I hope wise regulators, advocates, and parents will thoughtfully seek the right balance of protection and innovation for businesses specifically serving children. Parents may also want to consider the impact on their own as well as their children’s privacy from new requirements for obtaining parental consent. They could ironically spell less privacy for parents as well as kids (i.e., more collection of parents’ personal info) in the well-intentioned pursuit of greater children’s privacy.

What might work better than regs

Also worth considering are all the new privacy-protection tech tools and services that work infinitely better than laws for fine-tuning online privacy to ever-changing individual and family needs. In “Kids, Privacy, Free Speech & the Internet: Finding the Right Balance,” author and digital-privacy scholar Adam Thierer at George Mason University points to a number of examples (starting on p. 9), including: search engines’ “opt-out” tools and the DuckDuckGo search tool that “blocks data collection altogether”; “stealth” browsing tools in Chrome, Firefox, and Explorer that reduce or block tracking; add-on cookie-management software products like “Cookie Monster,” “AdSweep,” and “Track Me Not”: and online reputation management tools such as Google’s free one and Reputation.com’s “MyPrivacy” for $4-8/mo.

The FTC invites the public to comment on the changes here. The comment period ends November 28, and the FTC is expected to finalize its revisions next year, the Times reports. “It can put them into effect without Congressional approval.”

Related links

* “A new book and a fresh look at online privacy” – a recent post of mine about the view from USC Profs. John Seely Brown and Douglas Brown in A New Culture of Learning
* On the FTC’s just-announced proposed changes: Adam Thierer’s “Some thoughts on FTC’s proposed COPPA revisions”
* On calls to extend COPPA to include 13-to-17-year-olds: tech policy analyst Berin Szoka’s blog post: “COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech”
* FTC’s proposed revisions to COPPA
* FTC page for public comments on the proposed changes
* FTC’s FAQ on current COPPA compliance
* My coverage of COPPA in pre-blog 2000

Leave a comment