FTC Issues 8 New Rules to Protect Children's Online Privacy
The Federal Trade Commission is making good on its threats to take action with regard to children's Internet privacy. The FTC has issued new online privacy rules that amend COPPA, set to take effect July 1.
COPPA, the Children's Online Privacy Protection Act, will soon include eight new rules to strengthen kids' privacy on the web. The newly adopted rules are also intended to give parents greater control over their children's personal information, according to the FTC.
The updates come shortly after the FTC scolded app makers for failing to adequately protect childrens' personal data. Now companies will have to do more to keep kids safe. The new rules include:
- Changes to the definition of personal information. Aside from the usual suspects, that information will now include geolocation, photographs, and videos. None of that information can be collected without verified parental consent.
- A more transparent approval process. The FTC will offer companies a more streamlined and transparent approval process of ways to get parental consent. The process is voluntary, but approval should insulate companies from liability.
- No selling to third parties. The new rules will close a loophole that allowed companies to give or sell children's personal information to third parties without parental consent. That information will no longer be for sale unless parents say yes.
- COPPA's applicability to third parties. Not only will online companies and services be prohibited from selling information without parental permission, but now some third party advertisers will be bound by COPPA as well.
- Persistent identifiers now included. It's not just personal information that can identify a child. Persistent identifiers like IP addresses and mobile device IDs can also allow online services to identify people over time and across websites. Those will now be covered by COPPA as well.
- Stronger data security. To increase protection for children, website operators will have to take "reasonable steps" to keep information private. That means only releasing it to companies that will keep it secure and confidential.
- Data retention and deletion. Website operators will also be required to keep children's information secure. The FTC wants them to adopt procedures for keeping and deleting data without leaks.
- More FTC oversight of self-regulatory programs. The FTC does have some self-regulatory safe harbor programs for online services when it comes to COPPA. With the FTC's new online child privacy rules, they're committing themselves to better regulation of those programs.