The Federal Trade Commission (FTC) announced new amendments on Wednesday intended to help bring the Children’s Online Privacy Protection Act (COPPA) into the digital age.
Penned in 1998 and put into effect in 2000, COPPA governs how data is collected and then used around children under the age of 13.The law demands that sites aimed at children require parental approval in order for minors under the age of 13 to use them. Sites can choose to ban minors altogether in order to avoid having to comply with the law, as does Facebook.
The FTC began looking for public comment on how to update COPPA in 2010, released recommendations in September 2011, and then issued its final recommendations Thursday. The new rules will go into effect on July 1, 2013.
Some changes will further restrict the information collected on children under the age of 13. But there is concern that other amendments may impact the way people of all ages access sites on the web.
The revisions eliminate a third-party loophole that allowed outside parties to gather data on children through website plug-ins and mobile apps without complying with COPPA regulations. Starting in July, These sites will have to comply with COPPA rules as if they were collecting that information first hand.
But some worry that to stay compliant, apps and services may demand that every user identify themselves and state how old they are—eliminating the possibility of ever privately surfing a site.
“In the scope of how these new rules applies to third parties, it might lead sites to have users identify themselves and provide their age,” says Deborah Caldwell-Stone, deputy director of the American Library Association’s Office for Intellectual Freedom. “That’s a concern. The First Amendment recognizes the right to receive information anonymously.”
Since COPPA is aimed at commercial sites, it does not impact public, academic, or school libraries. Yet ALA recommends that librarians understand the law so that they are able to explain it to parents and children. The new amendments address newer technologies that some patrons may want librarians’ guidance in using.
Mobile data, now included under the COPPA rule, was not prevalently used or collected when COPPA was instituted. Now, the list of “personal information” that cannot be captured without parental consent will include geo-location information, photographs, audio files, and videos that contain a child’s image or voice, along with IP addresses and mobile device IDs.
Parents will also have new ways to permit their children’s use of sites, using electronic payment systems, video-conferencing, and electronic scans of signed parental consent forms, among other forms, to indicate their approval.
One revision, however, will actually eliminate some sites’ need to gather parental approval: If a site is collecting data on its young users “for the sole purpose of supporting the website or online service’s internal operations, such as contextual advertising, frequency capping, legal compliance, site analysis, and network communications,” according to the amendments.
That mean that sites can potentially serve up ads that make sense within the page a child is viewing. Not allowed without parental consent? Behavioral advertising that is based on a user’s, or in this case a child’s, browsing history.
“The Commission takes seriously its mandate to protect children’s online privacy in this ever-changing technological landscape,” FTC Chairman Jon Leibowitz said in a release. “I am confident that the amendments to the COPPA Rule strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities.”