Today, the Federal Trade Commission's updated Children’s Online Privacy Protection Act rules officially go into effect. The modifications, first announced last year, attempt to keep the safeguards on the collection of young children's information current with expanding technology.
The new rules not only extend the scope of what is meant by "personal information" to include things like geolocation data, but also close some loopholes that allowed information to be collected via third-party plug-ins.
Here's a short list of the changes that went into effect today:
- Modify the list of “personal information” that cannot be collected without parental notice and consent, clarifying that this category includes geolocation information, photographs, and videos;
- Offer companies a streamlined, voluntary and transparent approval process for new ways of getting parental consent;
- Close a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice and consent;
- Extend coverage in some of those cases so that the third parties doing the additional collection also have to comply with COPPA;
That last little bit, about the plug-ins, was a particularly annoying little addition for Facebook, who wrote the FTC asking them to reconsider. Their “like” button, which appears pretty much everywhere, could be affected. They claim such regulations could “chill innovation.”
“At the FTC, protecting children’s privacy is a top priority,” said FTC Chairwoman Edith Ramirez. “The updated COPPA rule helps put parents in charge of their children’s personal information as it keeps pace with changing technologies.”
The FTC has also said that they will continue with their "safe harbor" programs that let companies take COPPa compliance into their own hands:
To coincide with the amended COPPA rule taking effect, the FTC has also continued five “safe harbor” programs, whose guidelines now reflect the modified rule. Under COPPA, safe harbor status allows certain organizations to create comprehensive self-compliance programs for their members. Companies that participate in a COPPA safe harbor program are generally subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and law enforcement. COPPA safe harbor programs are offered by Aristotle International, Inc., the Children’s Advertising Review Unit of the Council of Better Business Bureaus, ESRB Privacy Online, TRUSTe, and Privo, Inc.
For those interested, the FTC has also released a 6-step compliance guide.