The Federal Trade Commission today unveiled updated rules for how websites, apps, and third-party networks should handle the personal information of children.
The new rules overhaul the Children's Online Privacy Protection Act (COPPA), which requires parental permission for the collection of data for kids under 13. It has not been updated since 1998—before Facebook, Twitter, or smartphones.
"That was another era," Sen. John Rockefeller, chairman of the Senate Commerce Committee, said during an event today on Capitol Hill.
"The original COPPA never anticipated the exponential growth of the mobile marketplace," Rockefeller said. "COPPA never anticipated the widespread availability and popularity of software, otherwise known as apps, that are installed on these smartphones. COPPA never fully appreciated the third-party companies ... who make their living off grinding out, through various technological tricks, private information about kids 12 and under."
The FTC has been reviewing COPPA in the hopes of bringing it more in line with 2012 realities. After asking for public comments on the matter in 2010, the agency in Sept. 2011 released several recommendations for how the law might be updated and opened that up to public comment. The FTC received 350 comments on the matter, prompting it to release updated recommendations in August.
Today, the agency released final recommendations, which will go into effect on July 1, 2013.
The FTC laid out eight amendments to COPPA. Specifically, it adds to the list of "personal information" that cannot be collected without parental consent to include geolocation information, photographs, and videos.
The rules also offer an easy way for companies to let parents provide their consent: like electronic scans of signed parental consent forms; video-conferencing; use of government-issued identification; and alternative payment systems, such as debit cards and electronic payment systems.
The rules close a loophole that let third parties collect children's information via plug-ins, and extends coverage under COPPA to more of these third-party companies.
COPPA will now cover persistent identifiers like IP addresses and mobile device IDs, and require website and app operators to take "reasonable steps" to ensure that children's information is only released to companies that can keep it secure. Those websites must also adopt procedures for data retention and deletion.
The update does not extend liability to platforms, such as Google Play or the App Store, when such platforms merely offer the public access to child-directed apps, the FTC said.
FTC Chairman Jon Leibowitz said the updates broaden and clarify COPPA in order to "safeguard the privacy of our most vulnerable members of society."
Under COPPA, the FTC has the authority to implement and update the rules.
The update comes shortly after the FTC released a report that found app makers are failing to provide parents with adequate information about how their apps collect and distribute information about children. Mobile apps are siphoning an "alarming" amount of data about kids without disclosure, the FTC said last week.
For more from Chloe, follow her on Twitter @ChloeAlbanesius.
Login or Register blog comments powered by Disqus
No comments:
Post a Comment