Today new rules come into play in the US that revise how mobile apps, websites and social networking sites can collect and use behavioural data on child users under the age of 13, in an effort to give parents greater control over the information that can be collected.
The updates published last December follow a two-year FTC-led review of the Children’s Online Privacy Protection Act (COPPA) in an effort to keep privacy legislation in step with advances in technology, particularly where it is used to track information about child users over time.
When the amendments were published, Jon Leibowitz, Chairman of the FTC, said:
“Let’s be clear about one thing: under this rule, advertisers and even ad networks can continue to advertise, even on sites directed to children. Business models that depend on advertising will continue to thrive. The only limit we place is on behavioral advertising, and in this regard our rule is simple: until and unless you get parental consent, you may not track children to build massive profiles for behavioral advertising purposes. Period.”
The amendments to COPPA make it more challenging to market to children or collect data by expanding the definition of what constitutes personal information to include things like photos, videos, and audio files. Most significantly, personal information now includes any persistent identifier that can recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs.
As a result, ad networks, social plug-ins and other third parties associated with kids’ apps and websites are now under the spotlight. These companies may not knowingly collect children’s information or track their behaviour without parental consent. They, along with the integrators of these technologies, may be held liable for civil penalties of up to $16,000 per violation.
“The updated COPPA rules signal a major evolution in the FTC’s approach to privacy regulation. Foundational changes to the scope and rigor of the rule make clear that the FTC remains very serious about children’s privacy. If you have yet to assess how COPPA affects you, now is the time to start.”
Todd Daubert – Partner, Dentons
In more detail, the final amendments will:
- modify the list of “personal information” that cannot be collected without parental notice and consent, clarifying that this category includes geolocation information, photographs, and videos
- provide new tests for determining if a website or service is targeted to children
- offer new ways of getting parental consent through scan-and-send, video conferencing and other payment systems
- strengthen data security protections by requiring that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential
- require that covered website operators adopt reasonable procedures for data retention and deletion
- strengthen the FTC’s oversight of self-regulatory safe harbor programs
As a consequence of these changes, it is essential that app developers ensure their child-directed apps either obtain parental consent or provide an experience that does not come into conflict with COPPA. While app stores like Google Play or the Apple iTunes store are exempt from the rule, the apps they offer are not.
For more information about the revised rule, visit the FTC’s COPPA page for Business.