FTC Expands Regulations to Protect Kids Online

The FTC has added new amendments to the Children's Online Privacy Protection Act that protect kids and give parents more control.

Young Internet users will soon be better protected in the online world.

The Federal Trade Commission (FTC) has adopted final amendments to the Children's Online Privacy Protection Act (COPPA) that give kids greater protection and parents greater control over the information that third parties can collect about those under 13 years old.

"The Commission takes seriously its mandate to protect children's online privacy in this ever-changing technological landscape," FTC Chairman Jon Leibowitz said in a Dec. 19 statement. "I am confident that the amendments to the COPPA Rule strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children's online activities.”

In 2010, the FTC initiated a review of COPPA to make sure that the legislation was keeping pace with technology. The new amendments, the FTC said in its statement:

• modify the personal information that cannot be collected without parental consent and clarify that such information can include location information, photographs and video;

• offer companies more streamlined and transparent approval processes for getting parental consent;

• close a loophole that allowed Websites to collect information from children without parental notice or consent;

• extend coverage so that third parties that had taken advantage of the loophole also have to comply with COPPA;

• strengthen data security protections by requiring that website operators and service providers only release children's personal information to companies capable of keeping it secure and confidential;

• insist that site operators adopt reasonable practices for data retention and deletion; and

• strengthen the FTC's oversight of self-regulatory safe harbor programs.

The new rules also modified several definitions. “Operator” has been updated to make clear that the rule applies to child-directed sites or services that integrate outside services that collect information. "This definition does not extend liability to platforms, such as Google Play or the App Store, when such platforms merely offer the public access to child-directed apps," wrote the FTC.

The definitions of “collection” and “services director to children” were changed, as was “personal information”—which now includes geo-location information and photos, videos and audio files that contain a child's image or voice.

The amendments also expanded what constitutes "parental consent" to mean electronic scans of signed consent forms, video conferencing, the use of government-issued IDs and payment systems such as debit cards and electronic payment systems.

Earlier this month, the FTC released a report detailing its examination of the 400 most popular children's apps in the Google Play and Apple App Store. While 15 percent of the app disclosed that they included advertising, 58 percent actually did. Similarly, 9 percent stated that they included links to social networks while 22 percent actually did. Nearly 60 percent were also found to be transmitting information to app developers, ad agencies or third parties in a way that would enable them to "potentially develop detailed profiles on the children based on their behavior in different apps."

In all, the FTC said it found the results of the survey "deeply troubling." Leibowitz added, "All of the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job."