The Federal Trade Commission announced on August 1, 2012 that it is publishing a Federal Register Notice seeking public comments on proposed changes to the Children’s Online Privacy Protection (COPPA) Rule (16 CFR Part 312).
Proposed modifications to the definitions of “operator” and “website or online service directed to children” would allocate and clarify the responsibilities under COPPA when third parties—such as advertising networks and providers of downloadable software “plug-ins”—collect personal information from users through child-directed websites or services.
The Commission proposes to state within the definition of “operator” that personal information is “collected or maintained on behalf of” an operator when it is collected in the interest of, as a representative of, or for the benefit of, the operator. This change would make clear that an operator of a child-directed site or service that integrates the services of others that collect personal information should itself be considered a covered “operator” under the Rule.
The Commission also proposes to modify the definition of “website or online service directed to children” to:
(1) Clarify that a plug-in provider or ad network is covered by the Rule when it knows or has reason to know that it is collecting personal information through a child-directed website or online service;“Personal Information”
(2) Allow websites with mixed audiences of children and adults to age-screen visitors in order to provide COPPA’s protections only to users under age 13; and
(3) Clarify that child-directed sites or services that knowingly target children under 13 as their primary audience or whose overall content is likely to attract children under age 13 as their primary audience must still treat all users as children.
Finally, the Commission proposes to modify the Rule’s definition of “personal information” to make it clear that a persistent identifier will be considered personal information when it can be used to recognize a user over time, or across different sites or services, and when it is used for purposes other than support for internal operations.
Use of such identifiers in the course of such activities as site maintenance, network communications, authentication of users, serving contextual advertisements, and protecting against fraud and theft would not be considered collection of personal information, as long as the information collected is not used to contact a specific individual, including through the use of behaviorally-targeted advertising.
Public comments will be accepted through September 10, 2012. Details are available here on the FTC website.
Further information regarding CCH Privacy Law in Marketing appears here.