The proposed updates (.pdf) to the Children’s Online Privacy Protection Act of 1998 were welcomed by many in the privacy community. They see the new proposal as a means to combat behavioral advertising targeting America’s youth. By contrast, Facebook, Microsoft, the Entertainment Software Association, the Toy Industry Association and others are arguing for self-regulation when it comes to targeted, online behavioral advertising.
The law in question, commonly referred to as COPPA, is designed to protect the privacy of children under 13. Among other things, a major proposed upgrade generally would forbid websites and mobile apps that cater to children under 13 from deploying tracking cookies or using GPS location tracking for marketing without parental consent.
What’s more, the measure would prevent social media sites from allowing children under 13 to upload photos of themselves without parental consent.
Facebook’s Mark Zuckerberg suggested in the spring that his social network would like to expand to include those under-the-age of 13 (millions already sign-up by misrepresenting their age), but said that federal privacy laws would need to be relaxed for that to happen. Google+, a nascent competitor to Facebook, currently skirts COPPA by not allowing any users under the age of 18.
“With more than 7.5 million Facebook users under the age of 13, we hope these COPPA revisions will be implemented and enforced as soon as possible,” James Steyer, Common Sense Media’s chief executive, said in a statement.
The proposal, however, allows tracking “for purposes such as user authentication, improving site navigation, maintaining user preferences, serving contextual advertisements, and protecting against fraud or theft.” But parental consent is required “for purposes such as amassing data on a child’s online activities or behaviorally targeting advertising to the child.”
The Center for Democracy and Technology applauded the commission for not increasing the age of youths protected by the measure.
“The FTC proposal respects older minors’ constitutional right to access information without first obtaining parental consent,” said Leslie Harris, the center’s president. “By not expanding COPPA’s scope, the proposal avoids requiring all websites to try and age-verify their users.”
The D.C.-based policy group expressed alarm, however, over the FTC proposal requiring website operators to obtain scans of “government-issued identification” from parents to grant permission for their kids to upload photos, for example. The center said that “raises privacy concerns for parents” which could make them less willing to grant consent.
The FTC may enforce its rules in civil court, with penalties of up to $16,000 per violation. Online gaming company Playdom agreed in May to pay $3 million for sharing children’s personal information without parental consent.
Public comments to the FTC on the proposed changes must be lodged by November 28.