Citing rapid changes in technology, the Federal Trade Commission (FTC) asked for feedback on the Children’s Online Privacy Protection Act (COPPA) Rule and whether additional changes are needed to improve its effectiveness.
Although the agency typically reviews its rules every ten years and the COPPA Rule was last amended in 2013, the FTC expressed concern that changing technology has triggered a more urgent need for its re-examination of the Rule, especially “questions that have arisen about the Rule’s application to the educational technology sector, to voice-enabled connected devices and to general audience platforms that host third-party child-directed content.”
In its Federal Register Notice, the FTC posed its standard regulatory review questions to determine whether the Rule should be retained, eliminated or modified. The agency also asked for input on whether the last round of revisions to the Rule in 2013 resulted in stronger protections for children and more meaningful parental control over the collection of personal information from children, or if those changes had any negative consequences.
The FTC further requested comment on all major provisions of the Rule, including definitions, the requirement that operators post notices of their privacy practices, the methods of obtaining verifiable parental consent before collecting children’s information, security requirements, the parental right to review or delete children’s information, and the safe harbor provisions.
In one question, the agency wondered if additional categories of information should be added to the definition of “personal information,” such as genetic data, fingerprints, retinal patterns or other biometric data.
The agency also queried whether exceptions to parental consent are warranted for the use of education technology where the school provides consent for the collection of personal information from the child or when audio files are collected as a replacement for text, and the audio files are promptly deleted.
Should operators of general audience platforms with third-party, child-directed content have an opportunity to rebut the presumption that all users interacting with that content are children, the FTC asked, and if so, should such operators be permitted to collect the personal information of users on their sites once they determine they are age 13 or older?
“Finally, the Commission seeks comment on whether the COPPA Rule should be amended to better address websites and online services that may not meet the current definition of ‘Web site or online service directed to children,’ but that have large numbers of child users,” according to the Federal Register Notice. “For example, should the definition of ‘Web site or online service directed to children’ be amended, consistent with the statute, to cover these types of websites and, if so, what type of changes would be required? Are there other proposed amendments, consistent with the statute, for the Commission to consider to ensure children using these sites and services receive COPPA protections?”
For additional input on the Rule, the FTC scheduled a public workshop for Oct. 7, 2019, titled “The Future of the COPPA Rule: An FTC Workshop.”
For more information about the regulatory review of the COPPA Rule, click here.
Why it matters: Operators of websites or online services that collect children’s personal information or that host content that is child-directed within their platforms, products, or services, or that collect personal information from operators that host child-directed content, should stay engaged with FTC efforts in this area in order to understand how any proposed changes might affect their compliance obligations. Stakeholders should take advantage of the feedback opportunity, whether by commenting or by attending the workshop. Those wishing to participate in the workshop must submit their information by Aug. 19, 2019. Written comments must be filed with the FTC 90 days after publication of the notice in the Federal Register.