ITIF Analyst: FTC COPPA Revisions Harm More Than Help

Reaction is swift to announcement of changes to online privacy law implementation

By John Eggerton -- Broadcasting & Cable, 12/19/2012 3:24:20 PM

Reaction was swift to the Federal Trade Commission's announced tightening of the rules enforcing the Children's Online Privacy Protection Act (COPPA), with a group representing Apple, Microsoft, IBM and others warning the change might harm, rather than help, kids.

The InformationTechnology and Innovation Foundation, whose members include legislators from both parties, academics and executives from Apple, Microsoft, IBM and Cisco, were none too pleased with the FTC's changes and their potential impact on the Web.

"Due in part to FTC rule making, the Internet has failed to live up to its potential in bringing forth a new era of compelling and educational child-friendly websites," ITIF senior analyst Daniel Castro said in a statement issued by ITIF Wednesday. "This recent announcement is just another example of how federal child privacy laws harm children more than help them.

"The new rule changes do not address the real problems with current privacy restrictions which are woven into the open nature of the Internet and the always changing technology environment. The FTC should have focused on rules to better address these issues and not simply restrict legitimate business practices used by companies in the Internet marketplace."

Some app and ad industry players and advisers were sounding alarm bells about the changes as well.

The App Developers Alliance, which had warned the FTC about overregulating app developers out of the business, said Wednesday it was worried the final rules, which brings mobile apps explicitly under COPPA's purview, would do just that.

In a statement, the alliance said its members recognized that protecting children's data online was important, but that the new regs would be so expensive to implement and create so much risk that "talented and responsible" developers would be driven from the marketplace.

"The rule should strike a balance. If it causes kids to miss out on innovative educational tools and entertaining content for only a nominal increase in online privacy, the rule will fail to achieve Congress's balanced intent, which is to protect children online while also ensuring that new content is produced and made available," said Alliance president Jon Potter.

Among the alliance's other concerns are that the new COPPA rule: "Extends COPPA liability to app developers that do not collect personally identifiable information;

"Extends the definition of personally identifiable information, which has historically been assigned to information like phone numbers and social security numbers, to device IDs; and

"Treats apps differently than websites."

John Feldman, partner in the D.C. office of law firm Reed Smith LLP who advises clients on COPPA compliance, suggested some of the problematic portions of the rule are restrictions on kid-targeted contests and the costs to kid-targeted sites of being held to a strict liability standard.

Feldman said in a statement that he was pleased that the FTC had decided not to hold third parties liable for sharing information from sites they did not know were COPPA-covered child-directed sites. "The return to the 'actual knowledge' standard is welcome and a relief," he said. But there remained a devil in the detail. "There are still questions related to the FTC's approach in determining 'knowledge,'" he said.

But not everyone was raising red flags. In addition to the legislators and child advocacy group who lined up to associated themselves with the changes at a Hill press conference Wednesday,  Adonis Hoffman, a communications professor at Georgetown and former general counsel of the American Association of Advertising Agencies, raised a celebratory banner. "In the tender aftermath of the tragedy at Sandy Hook, the FTC's decision to protect kids from digital harm is poignant," he told B&C/Multichannel News. "We are now talking about the role of parents in broader terms, and on a day-to-day basis, one of the clear and present dangers faced by kids could be the misuse of their information. Kudos to the FTC for taking a step in the right direction."

According to the FTC, the changes to the rule are as follows:

"Modify the list of 'personal information' that cannot be collected without parental notice and consent, Clarify that this category includes geolocation information, photographs, and videos;
"Offer companies a streamlined, voluntary and transparent approval process for new ways of getting parental consent;
"Close a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice and consent;
"Extend coverage in some of those cases so that the third parties doing the additional collection also have to Comply with COPPA;
"Extend the COPPA Rule to cover persistent identifiers that can recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs;
"Strengthen data security protections by requiring that covered website operators and online service providers Take reasonable steps to release children's personal information only to companies that are capable of keeping it secure and confidential;
"Require that covered website operators adopt reasonable procedures for data retention and deletion; and strengthen the FTC's oversight of self-regulatory safe harbor programs."