FTC Seeks Comments on Proposed Changes to Children’s Online Privacy Protection Act Rule

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

The Federal Trade Commission announced on August 1, 2012 that it is publishing a Federal Register Notice seeking public comments on proposed changes to the Children’s Online Privacy Protection (COPPA) Rule (16 CFR Part 312).

Proposed modifications to the definitions of “operator” and “website or online service directed to children” would allocate and clarify the responsibilities under COPPA when third parties—such as advertising networks and providers of downloadable software “plug-ins”—collect personal information from users through child-directed websites or services.

The Commission proposes to state within the definition of “operator” that personal information is “collected or maintained on behalf of” an operator when it is collected in the interest of, as a representative of, or for the benefit of, the operator. This change would make clear that an operator of a child-directed site or service that integrates the services of others that collect personal information should itself be considered a covered “operator” under the Rule.

The Commission also proposes to modify the definition of “website or online service directed to children” to:

(1) Clarify that a plug-in provider or ad network is covered by the Rule when it knows or has reason to know that it is collecting personal information through a child-directed website or online service;

(2) Allow websites with mixed audiences of children and adults to age-screen visitors in order to provide COPPA’s protections only to users under age 13; and

(3) Clarify that child-directed sites or services that knowingly target children under 13 as their primary audience or whose overall content is likely to attract children under age 13 as their primary audience must still treat all users as children.

“Personal Information”

Finally, the Commission proposes to modify the Rule’s definition of “personal information” to make it clear that a persistent identifier will be considered personal information when it can be used to recognize a user over time, or across different sites or services, and when it is used for purposes other than support for internal operations.

Use of such identifiers in the course of such activities as site maintenance, network communications, authentication of users, serving contextual advertisements, and protecting against fraud and theft would not be considered collection of personal information, as long as the information collected is not used to contact a specific individual, including through the use of behaviorally-targeted advertising.

Public comments will be accepted through September 10, 2012. Details are available here on the FTC website.

Further information regarding CCH Privacy Law in Marketing appears here.

Trade Regulation Tidbits

This posting was written by Jeffrey May, Editor of CCH Trade Regulation Reporter.

News, updates, and observations:

 Senator Herb Kohl (D, Wis.), chairman of the Senate Antitrust Subcommittee, said his subcommittee was likely to hold a hearing to examine whether the merger of Continental and United Airlines will lead to higher prices or lower quality of service. Continental and United announced a difinititve merger agreement on May 3. The carriers said that the combination would “bring together the two most complementary networks of any U.S. carriers, with minimal domestic and no international route overlaps.” In a May 3 statement, Senator Kohl commented that the merger “would create the nation’s largest airline and will no doubt affect the travel choices for millions of consumers across the nation.” While voicing concern that the major airlines face competitive pressures and high costs, Kohl spoke of a “need to insure that airline consolidation does not diminish the competitive choices for air travelers.”

 Legislation to extend permanently the Antitrust Criminal Penalties Enforcement and Reform Act (ACPERA) of 2004 was introduced in the Senate on April 27. Senator Herb Kohl (D, Wis.), sponsor of the measure, said “permanent extension of ACPERA would encourage participation in the Antitrust Division’s leniency program.” ACPERA limits the civil liability of leniency participants to the actual damages caused by that company, rather than treble damages usually available in civil antitrust lawsuits. The law was amended in 2009 to extend the de-trebling provision for one year. Without amendment, it would expire in June. The measure (S. 3259), which was co-sponsored by Senator Orrin Hatch (R, Utah), also calls for the Comptroller General to submit a report to the Committees on the Judiciary of the House of Representatives and the Senate on the effectiveness of the Antitrust Criminal Penalties Enforcement and Reform Act of 2004.

 The FTC told congressional lawmakers that the rapid-fire pace of technological change, including an explosion in children’s use of mobile devices and interactive gaming, has led the agency to accelerate its review of the Children’s Online Privacy Protection Rule (COPPA Rule) to make sure that it is still adequately protecting children’s privacy. Although the FTC reviews most of its rules every 10 years, the COPPA Rule is being reviewed only five years after its last review, in 2005. The comments were made in agency testimony, prepared for delivery by Jessica Rich, Deputy Director of the FTC Bureau of Consumer Protection, before the Senate Commerce, Science and Transportation Committee's Subcommittee on Consumer Protection, Product Safety, and Insurance on April 29. The FTC’s COPPA Rule, which took effect in 2000, requires operators of Web sites and online services that target children under age 13 to obtain verifiable parental consent before they collect, use, or disclose personal information from children. The operators must give parents the opportunity to review and delete personal information their children have provided.

FTC Seeks Comments on Revising COPPA Rule

This posting was written by Cheryl Beise, Editor of CCH Guide to Computer Law.

The FTC announced on March 24 that it is seeking public comments on the costs and benefits of the agency’s Children’s Online Privacy Protection Act (COPPA) Rule.

The COPPA Rule has not changed since its adoption ten years ago. Changes to the online environment over the past five years, including children’s increasing use of mobile technology to access the Internet, warrant reexamining the Rule, the agency said.

COPPA imposes requirements on operators of websites or online services that are aimed at children under 13 years of age, or that knowingly collect personal information from children under 13.

The COPPA Rule requires that online operators notify parents and get their permission before collecting, using, or disclosing children’s personal information. It also imposes security requirements and restrictions on use of information collected about children.

Issues the FTC would like to see addressed are:

• What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media?

• How are automated systems—those that filter out any personally identifiable information prior to posting—being used to review children’s Internet submissions?

• Do operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising? Should the Rule’s definition of “personal information" be expanded accordingly?

• Are there additional technological methods for obtaining verifiable parental consent that should be added to the COPPA Rule? Should any of the current methods be removed?

• Are parents exercising their right under the Rule to review or delete personal information collected from their children? What challenges do operators face in authenticating parents?

• Does the Rule’s process for the FTC’s approval of self-regulatory guidelines (safe harbor programs) enhance compliance? Should the criteria for FTC approval and oversight of the guidelines be modified?

The 90-day comment period will end on June 30, 2010.

The Request for Public Comment on the Federal Trade Commission’s Implementation of the Children’s Online Privacy Protection Rule is posted here on the FTC’s website. The FTC’s March 24 Press Release is available here.

FTC Seeks Public Comment on Children’s Online Privacy Program

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

The Federal Trade Commission is seeking public comment on proposed guidelines to help website operators comply with the FTC’s Children’s Online Privacy Protection Rule, the FTC announced on January 6.

Safe Harbor Programs

The proposed guidelines were submitted to the FTC by a nonprofit organization known as iSAFE, Inc. under a provision of the Children’s Online Privacy Protection Act aimed at industry self-regulation (18 U.S.C. Sec. 6503). This provision allows nonprofit groups and companies to request FTC approval of proposed guidelines—known as safe harbor programs—that govern compliance with the Rule.

The Rule requires operators of websites that collect personal information from children under the age of 13 to notify parents and obtain their consent before collecting, using, or disclosing any such information.

Since the Rule took effect on April 21, 2000, four groups—the Children’s Advertising Review Unit of the Council of Better Business Bureaus, the Entertainment Software Rating Board, TRUSTe, and Privo, Inc.—have received FTC approval for their safe harbor programs.

Questions on Proposed Guidelines

The FTC is seeking public comment about the proposed iSAFE guidelines. Specifically, the FTC requests input as to:

 Whether the guidelines provide “the same or greater protections for children” as those contained in the Rule;

 Whether the mechanisms used to assess operators’ compliance are effective;

 Whether incentives for operators’ compliance with the guidelines are effective; and

 Whether the guidelines provide adequate means for resolving consumer complaints.

The comment period will last for 45 days. More information about iSAFE’s safe harbor application is available here on the FTC’s website.