Washington

ITIF Analyst: FTC COPPA Revisions Harm More Than Help

Reaction is swift to announcement of changes to online privacy law implementation 12/19/2012 03:24:20 PM Eastern

Reaction was swift to the Federal
Trade Commission's announced tightening of the rules enforcing the Children's Online
Privacy Protection Act (COPPA),
with a group representing Apple, Microsoft,
IBM and others warning the change might harm, rather than help, kids.

The InformationTechnology and Innovation Foundation, whose
members include legislators from both parties, academics and executives from
Apple, Microsoft, IBM and Cisco, were none too pleased with the FTC's changes
and their potential impact on the Web.

"Due in part to FTC rule making, the Internet has
failed to live up to its potential in bringing forth a new era of compelling
and educational child-friendly websites," ITIF senior analyst Daniel
Castro said in a statement issued by ITIF Wednesday. "This recent
announcement is just another example of how federal child privacy laws harm
children more than help them.

"The new rule changes do not address the real problems
with current privacy restrictions which are woven into the open nature of the
Internet and the always changing technology environment. The FTC should have
focused on rules to better address these issues and not simply restrict
legitimate business practices used by companies in the Internet
marketplace."

Some app and ad industry players and advisers were sounding
alarm bells about the changes as well.

The App Developers Alliance, which had warned the FTC about
overregulating app developers out of the business, said Wednesday it was
worried the final rules, which brings mobile apps explicitly under COPPA's
purview, would do just that.

In a statement, the alliance said its members recognized
that protecting children's data online was important, but that the new regs
would be so expensive to implement and create so much risk that "talented
and responsible" developers would be driven from the marketplace.

"The rule should strike a balance. If it causes kids to
miss out on innovative educational tools and entertaining content for only a
nominal increase in online privacy, the rule will fail to achieve Congress's
balanced intent, which is to protect children online while also ensuring that
new content is produced and made available," said Alliance president Jon
Potter.

Among the alliance's other concerns are that the new COPPA
rule: "Extends COPPA liability to app developers that do not collect personally
identifiable information;

"Extends the definition of personally identifiable
information, which has historically been assigned to information like phone
numbers and social security numbers, to device IDs; and

"Treats apps differently than websites."

John Feldman, partner in the D.C. office of law firm Reed Smith
LLP who advises clients on COPPA compliance, suggested some of the problematic
portions of the rule are restrictions on kid-targeted contests and the costs to
kid-targeted sites of being held to a strict liability standard.

Feldman said in a statement that he was pleased that the FTC
had decided not to hold third parties liable for sharing information from sites
they did not know were COPPA-covered child-directed sites. "The return to
the 'actual knowledge' standard is welcome and a relief," he said. But
there remained a devil in the detail. "There are still questions related
to the FTC's approach in determining 'knowledge,'" he said.

But not everyone was raising red flags. In addition to the
legislators and child advocacy group who lined up to associated themselves with
the changes at a Hill press conference Wednesday,  Adonis Hoffman, a
communications professor at Georgetown and former general counsel of the
American Association of Advertising Agencies, raised a celebratory banner.
"In the tender aftermath of the tragedy at Sandy Hook, the FTC's decision
to protect kids from digital harm is poignant," he told B&C/Multichannel News. "We are now talking about the role of
parents in broader terms, and on a day-to-day basis, one of the clear and
present dangers faced by kids could be the misuse of their information. Kudos
to the FTC for taking a step in the right direction."

According to the FTC, the changes to the rule are as
follows:

"Modify the list of 'personal information' that cannot
be collected without parental notice and consent, Clarify that this category
includes geolocation information, photographs, and videos;
"Offer companies a streamlined, voluntary and transparent approval process for
new ways of getting parental consent;
"Close a loophole that allowed kid-directed apps and websites to permit third
parties to collect personal information from children through plug-ins without
parental notice and consent;
"Extend coverage in some of those cases so that the third parties doing the
additional collection also have to Comply with COPPA;
"Extend the COPPA Rule to cover persistent identifiers that can recognize users
over time and across different websites or online services, such as IP
addresses and mobile device IDs;
"Strengthen data security protections by requiring that covered website
operators and online service providers Take reasonable steps to release
children's personal information only to companies that are capable of keeping
it secure and confidential;
"Require that covered website operators adopt reasonable procedures for data
retention and deletion; and strengthen the FTC's oversight of self-regulatory
safe harbor programs."

September
October