The Federal Trade Commission (FTC) is publicly reviewing its rules for the Children’s Online Privacy Protection Act (COPPA), the premier law protecting minors’ data in the United States. The regulation was last updated in 2013 and the online world has changed dramatically even in just the years since then.
Enacted in 1998, with rules first issued in 2000, COPPA requires websites and online services to get verifiable parental consent for data collection and use for kids under the age of 13. The Act covers websites directed to kids, general audience sites with actual knowledge that a child uses/accesses the sites, and so forth. (For COPPA compliance information, see this Insights Association members-only COPPA white paper.)
As explained in the draft Federal Register notice, the FTC “is conducting its ten-year review early because of questions that have arisen about the Rule’s application to the educational technology sector, to voice-enabled connected devices, and to general audience platforms that host third-party child-directed content. In addition to requesting comment on these issues, the Commission requests comment on the costs and benefits of the Rule, as well as on whether certain sections should be retained, eliminated, or modified.”
In addition to asking if any of the existing COPPA provisions require an update, and how COPPA applies to the contexts above, the notice asks:
- “Has the Rule affected the availability of websites or online services directed to children?”
- Should “exceptions to parental consent” be added for “the use of education technology where the school provides consent for the collection of personal information from the child… [or] the collection of audio files as a replacement for text, where the audio files are promptly deleted… in line with the” FTC’s enforcement policy statement”?
- Are there “circumstances in which general audience platforms with third-party, child-directed content should be able to rebut the presumption that all users interacting with that content are children”? If that were allowed, “operators of general audience platforms could, in certain circumstances, collect personal information from users on their sites that they determine are age 13 or older.”
- Should the Commission modify the Rule to encourage general audience platforms to identify and police child-directed content uploaded by third parties?
- Should COPPA "be amended to better address websites and online services that may not meet the current definition of ‘Web site or online service directed to children,’ but that have large number of child users”? For instance, “should the definition… be amended, consistent with the statute, to cover these types of websites and, if so, what type of changes would be required? Are there other proposed amendments, consistent with the statute,” that the FTC should consider to COPPA-protect “children using these sites and services”?
- What are the implications for COPPA enforcement raised by technologies such as interactive television, interactive gaming, or other similar interactive media?
“In light of rapid technological changes that impact the online children’s marketplace,” commented FTC Chairman Joe Simons, “we must ensure COPPA remains effective.”
The Insights Association invites member feedback on these and other COPPA issues and concerns. The FTC plans a COPPA workshop for October 7 and comments will be due in three months.