FTC Proposes More Changes to COPPA

Proposes adding ad nets to covered entities under child online protection bill

By John Eggerton -- Broadcasting & Cable, 8/1/2012 10:59:45 AM

The Federal Trade Commission has recommended that ad networks be subject to the Children's Online Privacy Protection Act when they are collecting personal information through a child-directed website.

That is one of the steps it is taking to toughen online protections related to the use or disclosure of children's personal information, according to proposed revisions it put out for comment Wednesday.

The revisions in the definitions of "operator" and "website" directed to children will clarify their application to third parties, including ad networks and plugins that collect personal info through child-directed sites or services.

The FTC proposes to include within the definition of covered operator one whose site integrates services from others that collect personal info. The FTC also specifies that persistent identifiers -- cookies, IP addresses -- will be considered personal information "where it can be used to recognize a user over time, or across different sites or services, or where it is used for purposes other than support for internal operations."

The FTC also will change the definition of "support for internal operations" to clarify that "site maintenance and analysis, performing network communications, use of persistent identifiers for authenticating users, maintaining user preferences, serving contextual advertisements, and protecting against fraud and theft will not be considered collection of 'personal information' as long as the information collected is not used or disclosed to contact a specific individual, including through the use of behaviorally-targeted advertising, or for any other purpose." 

The definition of "website" would also be modified to:

"Clarify that a plugin or ad network is covered by the Rule when it knows or has reason to know that it is collecting personal information through a child-directed website or online service;

"Address the reality that some websites that contain child-oriented content are appealing to both young children and others, including parents. Under the current Rule, these sites must treat all visitors as under 13 years of age. The proposed definition would allow these mixed audience websites to age-screen all visitors in order to provide COPPA's protections only to users under age 13; and,

"Clarify that those child-directed sites or services that knowingly target children under 13 as their primary audience or whose overall content is likely to attract children under age 13 as their primary audience must still treat all users as children."

The FTC proposed changes to COPPA in September 2011, including expanding the definition of personal information to include identifiers, and received 350 comments. But some of the changes are new, so Wednesday's proposals will also be put out for comment.

Jeff Chester, executive director of the Center for Digital Democracy, was already commenting, and the assessment was positive.

"Today, the FTC took a giant step to protect children's privacy by proposing that the online data broker industry be required to comply with the Children's Online Privacy Protection Act (COPPA)," said Chester. "Children -- like adults -- confront a pervasive data collection and targeting system made up of ad networks, data exchanges, and other digital marketing companies able to target anyone in real-time.  The FTC's proposal ensures that parents will have control over how information can be collected from their children via mobile phones, online games and when they use computers.  In addition, the commission will also rein in the data brokers targeting kids who use social media, so-called 'plugins,' to gather information on a child and their friends."