The Children's Online Privacy Protection Act (COPPA) was originally created to protect children under 13 from having their information abused by online services. To keep up with changes in technology, the FTC has been working on new rules that amend COPPA.
The FTC's new online child-privacy rules, set to take effect July 1, 2013, are designed to better protect childrens' information online and give parents more tools to keep their kids safe. While there are eight new rules in total, they fall into three broad categories:
Better identification of private information. The rules always protected things like names, addresses, Social Security numbers, and gender as personal information that can't be collected without parental permission. But now the rules have expanded to include geolocation and images, which are often collected by online services. Persistent identifiers like IP addresses and mobile device IDs will also now be included in the list of kids' information that can't be collected unless parents give consent.
More control over companies. As part of the new rules, the FTC will be exerting greater control over how companies use childrens' personal information. That means selling to third parties and sharing data will be subject to stricter control and require parental permission. In addition, COPPA will now apply to third parties who collect user information so they will be bound to keep childrens' information private as well.
Heightened security requirements. To better protect information that is collected (with parental permission of course), the FTC wants companies to have better data security. That means better policies and procedures for storing and deleting data and higher standards for whom the data can be released to. To facilitate getting parental consent, the FTC's new online child-privacy rules also allow new ways to get that consent, such as electronic scans of signed parental consent forms.