The overhauled Children’s Online Privacy Protection Act Rule (COPPA) went into effect on Monday, the US Federal Trade Commission (FTC) announced.
The rule has been updated to keep pace with burgeoning personal information – much of it coming from children’s increased use of mobile devices and social networking, such as cookies that track a child’s activity online, geolocation information, photos, videos, and audio recordings.
One aim is to restrict advertising targeted at children.
FTC Chairwoman Edith Ramirez said in the release that the updated COPPA rule will also help parents control personal information about their children – specifically, those under the age of 13.
But the new rule is leaving app developers scratching their heads over how they’re supposed to avoid collecting children’s personal information.
For example, they’re wondering just what, exactly, they’re now responsible for when a parent hands their tablet to a child, the leader of a trade group told IDG News Service’s Grant Gross.
Morgan Reed, executive director of the Association for Competitive Technology (ACT), told Gross that that’s just one question raised by the rule revision:
"How do we make the goals of COPPA function in a technological world where a parent might hand their tablet computer from the front seat of the car to the back seat of the car? How does the developer know when he has to change behavior... when that tablet goes over the divider?"
The COPPA rule requires that operators of websites or online services that are either directed to the under-13 crowd or have actual knowledge that they’re collecting personal information from them give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and that they keep it secure.
A technology-focused lawyer, John Feldman, told IDG that the FTC will likely give companies time to work out the details of complying with the new rule:
"Those who are seeking to comply and are making bona fide efforts in that regard - and can demonstrate that through documentation of modified procedures and monitoring practices - will probably get more latitude for an extended timeline than those who are simply wringing their hands."
The FTC is trying to help developers caught in the weeds of the new COPPA, and it’s also trying to help parents understand the new rule.
Some of the tools it’s put out to help (links to all are posted here):
- A six-step compliance plan for businesses,
- A COPPA compliance email hotline at COPPAHotLine@ftc.gov,
- An updated guide for parents,
- An updated FAQ, and
- A guide that helps businesses figure out if their site is subject to COPPA.
I hope the new rule lessens the amount of targeted advertising parents have to fend off.
But if history is an indication, it will be an uphill battle.
Facebook and Google, for example, have pulled some fancy footwork to get out of having to ask for parental signoff.
All they had to do was stipulate that you have to be at least 13 years old to use their services, as Graham Cluley noted back in December 2011.
In spite of such terms of service, a survey taken at that time found that 55% of children under the age of 12 had Facebook accounts.
Another study by New York University found that 76 percent of the underage kids registered their social networking accounts with the help of parents.
For his part, Facebook founder Mark Zuckerberg has said in the past that he will “at some point” challenge the law restricting children from joining his social network.
I don’t know if he’s still singing the same tune.
But I’m sure most parents, if they don’t necessarily want to keep their kids off Facebook, per se, would at least want to be in the loop if they do join that or any other social networking site.
That way, hopefully, they can better keep their children free from targeted advertising.
And, given that we’re now talking about personal information coming out of mobile devices, including geolocation, parents can hopefully better control just exactly who knows where their children are at any time.
That should never have been information that was up for grabs.Follow @NakedSecurity