The U.S. government announced tighter rules on Wednesday to protect
children's online privacy by restricting the collection of data, like
the child's location, unless parents consent.
The actions by the
Federal Trade Commission mark an update to rules that were based on the
1998 Children's Online Privacy Protection Act, developed when most
computers were big beige boxes sitting under office desks instead of
smartphones in backpacks, and online social media was unheard of.
"The
Commission takes seriously its mandate to protect children's online
privacy in this ever-changing technological landscape," FTC Chairman Jon
Leibowitz said in a statement.
Under the updated rule, IP
addresses, which are unique to each computer, will be added to the list
of personal information that cannot be collected from children without
parental consent if the data will be used for behavioral advertising or
tracking.
Location, photos, videos and audio files were also added to the definition.
Leibowitz
said the commission struck "the right balance between protecting
innovation that will provide rich and engaging content for children, and
ensuring that parents are informed and involved in their children's
online activities."
But Senator John Rockefeller, a West Virginia
Democrat and chair of the Senate Commerce, Science and Technology
Committee, which oversees the FTC, said he had wanted legislation that
went further.
"There are groups that will complain about it (COPPA
being too weak), and so will I, but we can't do anything more about it
right now," he said. "Children's privacy as far as I am concerned is an
absolutely top line issue."
Privacy advocates and advertising
companies had been watching closely to see if the agency would go
through with a pledge made in August to add IP addresses to the
restrictions.
Advertisers had argued against the move since
several people in a family adults and children could use the same
computer. Privacy advocates said it was needed to protect children.
Also
under the updated rule, plug-ins and other third parties connected to
children's websites and apps cannot allow third parties to collect
information on children without parental consent.
Big companies
would be able to deal with the changes but the tighter regulators could
be onerous for smaller firms, said John Feldman of the law firm Reed
Smith LLP.
"I represent companies who are trying to sell products
and services," he said. "The bigger companies feel like they can deal
with it. There are significant costs that will be associated with this."
Privacy
advocate Kathryn Montgomery, who teaches at American University, said
the update was needed, given the growth of social networks and mobile
computing. She urged the FTC to be tough about enforcing the rules.
"The
new rules should help ensure that companies targeting children
throughout the rapidly expanding digital media landscape will be
required to engage in fair marketing and data collection practices," she
said.
The proposal also specifies that family websites, which are
websites aimed at children and adults, would be allowed to screen users
to determine their ages and only provide protection to children under
age 13.
Currently, all visitors to the websites must be treated as if they are under age 13.
The FTC's rule implementing COPPA became effective in 2000.
The updated rule takes effect on July 1. It was approved by a vote of three to one with one commissioner abstaining.
© Thomson Reuters 2012