The Federal Trade Commission on Wednesday proposed new regulations that would explicitly prohibit ad networks and other online services providers from collecting personal information from children.
The proposal is part of the FTC's latest recommended regulations implementing the Children's Online Privacy and Protection Act, a law that went into effect more than 10 years ago.
COPPA broadly bans Web site operators from knowingly collecting personal information from children under 13 without parental consent, but empowers the FTC to define key terms, including Web site operators and personal information.
In the past, the FTC said the law applied to sites geared to children, and general interest sites that knew they were collecting data from children. Wednesday's proposal would make clear that third parties that collect data -- including companies that offer social plug-ins, ad networks and other service providers -- also are covered by the restrictions.
"The Commission now believes that the most effective way to implement the intent of Congress is to hold both the child-directed site or service and the information-collecting site or service responsible as covered co-operators," the FTC said in its 43-page proposal.
The federal regulators added that publishers that allow third parties to gather data are responsible for complying with COPPA, even if those publishers don't collect the information. "An operator of a child-directed site or service that chooses to integrate into its site or service other services that collect personal information from its visitors should be considered a covered operator," the FTC said. "Although the child-directed site or service does not own, control, or have access to the information collected, the personal information is collected on its behalf."
The FTC mentions in the proposed changes that its experience with enforcing COPPA show the need to clarify that social networking plug-ins are covered by the statute.
Earlier this week, the FTC closed an investigation of mobile social gaming platform OpenFeint, which was accused of violating COPPA. The FTC said in its closing letter that the current COPPA regulations were "ambiguous" about whether OpenFeint should be considered a Web site operator -- even though its platform, which collects personal data, was "was available on numerous child-directed apps."
In September, the FTC recommended that companies should be prohibited from using behavioral targeting techniques on children under 13 without their parents' permission. The latest proposals still include that recommendation.
Privacy advocate Jeffrey Chester, executive director of the Center for Digital Democracy, praised the FTC's proposals. "The FTC's proposal ensures that parents will have control over how information can be collected from their children via mobile phones, online games and when they use computers," he stated. "In addition, the commission will also rein in the data brokers targeting kids who use social media, so-called 'plug-ins,' to gather information on a child and their friends."
The FTC will accept comments about the proposal until Sept. 10.
Have not read the full report but from your analysis I have to say... it's about time. We publish myfamilytravels.com for family vacation planners and get lots of kids 13-18 signing up; their parents contact us regularly to discuss what profile data is being collected, stored, and made visible to the public. So obviously the consumer is waiting for some sort of reassurance, and maybe these 'baby' steps will allow the FTC to leave BT for grownups alone.