FTC wants stricter rules on children's privacy online

Posted by Emma Woollacott

The Federal Trade Commission is proposing changes to online privacy rules designed to give parents control over the information gathered by websites on their children.

The amendments to the Children's Online Privacy Protection Act (COPPA) wants to change the definition of 'personal information' to include geolocation data and unique device identifiers, such as those used bytracking cookies for behavioral advertising.

It also wants to allow children to take part in chatrooms and the like, without parental consent, so long as the operators take  delete all or virtually all children’s personal information before it's made public.

"In this era of rapid technological change, kids are often tech-savvy but judgment poor. We want to ensure that the COPPA Rule is effective in helping parents protect their children online, without unnecessarily burdening online businesses," says FTC Chairman Jon Leibowitz.

"We look forward to the continuing thoughtful input from industry, children’s advocates, and other stakeholders as we work to update the Rule."

As for actually getting parental consent, the FTC suggests electronic scans of signed parental consent forms, video-conferencing and the use of government-issued identification checked against a database - so long as the parent’s ID is deleted promptly after the verification.

The COPPA Rule was last reviewed in 2005, and was then retained without any changes. Since then, though, the FTC believes that technology has evolved in such a way that the rule urgently needs revision.

While sites such as Facebook say that children must be older thasn 13, these rules are largely ignored - indeed over seven and a half million under-13s are active users of the site, according to a report from Consumer Reports.

The Direct marketing Association says its' generally happy with the changes - but it's uneasy about the inclusion of unique device identifiers in the new rules.

"DMA strongly believes that such a definition should include only information that in fact permits the direct communication with a specific, identifiable person — not a device that could be used by multiple people, including children under 13 or adults," it says.