The Senate Commerce Committee held a hearing today about issues surrounding the Children's Online Privacy Protection Act (COPPA) and if it should be updated to address online data collection practices, social networks, and the mobile web.
"It is clear that the single biggest change impacting the privacy of children since the adoption of COPPA has been the emergence of social network services, such as Facebook, MySpace, and Twitter," said Marc Rotenberg, Electronic Privacy Information Center (EPIC) Executive Director.
"These web-based platforms provide new opportunities for kids to interact online and also for companies to gather up information."
EPIC also criticized the Federal Trade Commission's (FTC's) failure to enforce children's privacy rights despite clear violations of federal law. Rotenberg cited EPIC's FTC complaint against Echometrix, a company selling "parental control" software that secretly monitored children's online activity for marketing purposes. The FTC ignored EPIC's complaint, but the Department of Defense shut down sales of the product.
EPIC recommended updates that would expand COPPA protections to teens and clarify the law's application to mobile and social network services.
"The emergence of social networks and the powerful commercial forces that are seeking to extract personal data on all users of these services, but particularly children, raise new challenges that the original COPPA simply did not contemplate," said Rotenberg. "Today, I recommend that Congress raise the age requirement in COPPA to 18."
The FTC's COPPA Rule took effect in 2000. The Rule requires operators of Web sites and online services that target children under age13 to obtain verifiable parental consent before they collect, use, or disclose personal information from children. They also must give parents the opportunity to review and delete personal information their children have provided.