Changes in Law Aim to Protect Kids’ Online Data
Aiming to prevent companies from exploiting online information about children under 13, the Obama administration on Wednesday imposed sweeping changes in regulations designed to protect a young generation with easy access to the Internet.
Two years in the making, the amended rules to the decade-old Children’s Online Privacy Protection Act go into effect in July. Privacy advocates said the changes were long overdue in an era of cellphones, tablets, social networking services and online stores with cellphone apps aimed at kids for as little as 99 cents.
Siphoning details of children’s personal lives - their physical location, contact information, names of friends and more - from their Internet activities can be highly valuable to advertisers, marketers and data brokers.
The Obama administration has largely refrained from issuing regulations that might stifle growth in the technology industry, one of the U.S. economy’s brightest spots. Yet the Federal Trade Commission pressed ahead with the new kids’ privacy guidelines despite loud complaints - particularly from small businesses and software apps developers - that the revisions would be too costly to comply with and cause responsible companies to abandon the children’s marketplace.
As evidence of online risks, the FTC last week said it was investigating an unspecified number of software developers that may have illegally gathered information without the consent of parents.
Under the changes to the law, known as COPPA, information about children that cannot be collected unless a parent first gives permission now includes the location data that a cellphone generates, as well as photos, videos and audio files containing a human image or voice.
The Congressional Bipartisan Privacy Caucus commended the FTC for writing the new rules. "Keeping kids safe on the Internet is as important as ensuring their safety in schools, in homes, in cars," caucus co-chairman Rep. Edward Markey, D-Mass., said at a Capitol Hill news conference.
Data known as "persistent identifiers," which allow a person to be tracked over time and across websites, are also considered personal data and covered by the rules, the agency said. But parental consent is not required when a website operator collects this data solely to support its internal operations, which can include advertising, site analysis and network communications.
The rules offer several new methods for verifying a parent’s consent, including electronically scanned consent forms, video conferencing and email.
The FTC sought to achieve a balance between protecting kids and spurring innovation in the technology industry, said Jon Leibowitz, the agency’s chairman.