Industry Opposes Federal Trade Commission Proposed Changes to Children’s Online Privacy Protection Act (COPPA) Rules
At the end of December, MPA, in conjunction with other affected industries and organizations, filed comments on the FTC’s “proposed rule” to amend COPPA issued on Sept 15th. The broad industry comments noted the significant cumulative effect of the changes and the potential for negative impacts on companies and parents. The changes would lead to parents being inundated with multiple and lengthy notices, and elimination of a well-established, effective, and simple method of obtaining parental consent. The industry also argued that the FTC’s proposed redefinition of “personal information” is not supported by the COPPA statute.
Some of the key changes proposed by the FTC include: extending the definition of personal information to capture geolocation information, persistent identifiers used by first parties, and any identifiers that link children’s activities across websites; requiring “just-in-time” notice to parents before websites may collect children’s information; eliminating “e-mail plus” means of obtaining parental consent for internal uses of data; mandating deletion of information when no longer reasonably necessary as well as data security procedures; and requiring self-regulatory safe harbor programs to conduct annual audits of its members.
On the positive side, the FTC did not propose to apply the rule to children over the age of 13 or apply a more stringent standard for general audience websites, which currently have to abide by COPPA rules only when they have actual knowledge that they are collecting information from children.