The Federal Trade Commission today moved to make a key children's online privacy law more up-to-date in a world of smartphones and social networks.
The agency has approved amendments to the regulations implementing the Children's Online Privacy Protection Act, or COPPA, that would require apps and Web sites that target children to obtain parental consent before collecting geo-location information, or photos, videos or audio files that include a child's image or voice. The law was also expanded to cover services that track kids' online activity -- namely, which sites they visit -- and then give the information to third-parties, like advertisers.
"The Commission takes seriously its mandate to protect children's online privacy in this ever-changing technological landscape," said FTC Chairman Jon Leibowitz in a statement. "I am confident that the amendments to the COPPA Rule strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children's online activities."
But Apple and Facebook, the biggest companies associated with apps and social media, may not feel much of an effect at all.
The changes, the first since the law took effect in 1998, apply only to sites that specifically target children. They don't apply to third-party plug-ins -- such Facebook's "Like" button -- or ad networks, unless the companies behind them have "actual knowledge" that they are collecting information from a service that's specifically for children.
The commission defines those who have "actual knowledge" as a third-party that has been told directly its plug-in or advertisement is on a site for children, or if the third-party company recognizes that the site is specifically for kids, according to the updated rules (PDF).
Then there are app platforms like Apple's App Store, the largest single source of apps in world. Platforms like Apple's won't have to make sure they sell apps that follow the new law. But apps made available there are hardly untouchable. On Monday, for instance,from the Apple App Store after an an advocacy group filed a complaint with the FTC alleging that the game violated children's online privacy rights by collecting their e-mail addresses without parents' permission.
And the rule changes themselves may prove vulnerable to challenge in court or in Congress. "I believe a core provision of the amendments exceeds the scope of the authority granted us by Congress in COPPA, the statute that underlies and authorizes the rule," commissioner Maureen Ohlhausen wrote in her dissenting statement. "I do not believe that the fact that a child-directed site or online service receives any kind of benefit from using a plug-in is equivalent to the collection of personal information by the third-party plug-in on behalf of the child-directed site or online service."
The FTC has the support of at least one key figure on Capitol Hill. Jay Rockefeller, a Democrat from West Virginia and the chairman of the Senate Commerce Committee, issued a statement today saying that the changes were "long overdue," and necessary for a world filled with smartphones, apps and social network. He said he would "determine if Congress should act to make further changes in the law" --
The new rule puts all online companies on notice, no matter who they are, that they are required to comply with the law. Under the new rule, when a children's website or application allows third-parties to collect information from children, those websites and apps will be liable under COPPA. Furthermore, those third-parties will also be held liable if they know they are collecting information on websites or apps directed toward children.
The changes come after the FTC releasedlast week slamming the app industry for not providing parents enough information about privacy. The report encouraged app companies to develop best practices to ensure parents were educated on privacy options.
The new rules are set to go into effect July 1, 2013.