FTC Seeks Comments on Revising COPPA Rule

This posting was written by Cheryl Beise, Editor of CCH Guide to Computer Law.

The FTC announced on March 24 that it is seeking public comments on the costs and benefits of the agency’s Children’s Online Privacy Protection Act (COPPA) Rule.

The COPPA Rule has not changed since its adoption ten years ago. Changes to the online environment over the past five years, including children’s increasing use of mobile technology to access the Internet, warrant reexamining the Rule, the agency said.

COPPA imposes requirements on operators of websites or online services that are aimed at children under 13 years of age, or that knowingly collect personal information from children under 13.

The COPPA Rule requires that online operators notify parents and get their permission before collecting, using, or disclosing children’s personal information. It also imposes security requirements and restrictions on use of information collected about children.

Issues the FTC would like to see addressed are:

• What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media?

• How are automated systems—those that filter out any personally identifiable information prior to posting—being used to review children’s Internet submissions?

• Do operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising? Should the Rule’s definition of “personal information" be expanded accordingly?

• Are there additional technological methods for obtaining verifiable parental consent that should be added to the COPPA Rule? Should any of the current methods be removed?

• Are parents exercising their right under the Rule to review or delete personal information collected from their children? What challenges do operators face in authenticating parents?

• Does the Rule’s process for the FTC’s approval of self-regulatory guidelines (safe harbor programs) enhance compliance? Should the criteria for FTC approval and oversight of the guidelines be modified?

The 90-day comment period will end on June 30, 2010.

The Request for Public Comment on the Federal Trade Commission’s Implementation of the Children’s Online Privacy Protection Rule is posted here on the FTC’s website. The FTC’s March 24 Press Release is available here.