The Federal Trade Commission (FTC) is taking a fresh look at the Children's Online Privacy Protection Act (COPPA) to evaluate the amendments that went into effect in 2013 and to consider whether additional modifications are warranted in light of rapidly changing technology, such as interactive television, interactive gaming, chatbots and similar interactive media.
In conjunction with its review, the FTC has opened a request for public comment, and will hold a public workshop in October to further evaluate COPPA's effectiveness within the current online landscape.
2013 COPPA Amendments
In 2013, the FTC amended COPPA to address the new ways in which children interacted with the Internet, including through mobile devices and social networking. Amongst its changes, the FTC expanded the definition of children's "personal information" to cover persistent identifiers (such as cookies that track a child's activity online), geolocation information, and photos, videos, and audio recordings that contain a child's image or voice.
FTC'S COPPA REVIEW
Although the FTC typically reviews its rules every ten years, the FTC chose to review COPPA on an accelerated schedule to address the rapid changes in technology over the past few years, including the expansion of the educational technology sector, voice-enabled connected devices and general audience platforms that host child-directed content provided by third parties.
The FTC's chairperson, Joe Simons, explained that, "[i]n light of rapid technological changes that impact the online children's marketplace, we must ensure COPPA remains effective." He added that the FTC is "committed to strong COPPA enforcement, as well as industry outreach and a COPPA business hotline to foster a high level of COPPA compliance. But we also need to regularly revisit and, if warranted, update [COPPA]."
FTC'S QUESTIONS
The FTC's request for comments on COPPA contains 29 specific questions, including questions related to COPPA's:
- Definitions;
- Requirement that operators post notices of their privacy practices;
- Methods of obtaining verifiable parental consent before collecting children's information;
- Security requirements;
- Parental right to review or delete children's information; and
- Safe harbor provisions.
Specific questions the FTC posed in its request for comments include:
- Has COPPA affected the availability of websites or online services directed to children?
- Does COPPA properly articulate the factors to consider in determining whether a site or online service is directed to children, or should additional factors be considered? For example, should COPPA be amended to better address sites and services that may not include traditionally child-oriented activities, but that nevertheless have large numbers of users under 13?
- What are the implications for COPPA enforcement raised by technologies such as interactive television, interactive gaming, chatbots or other similar interactive media?
- Should there be an exception to the parental consent requirement for education technology in schools? Should COPPA be modified to encourage general audience platforms to police child-directed content uploaded by third parties?
Comments must be filed with the FTC by October 23, 2019.
THE WORKSHOP
The public workshop, "The Future of the COPPA Rule: An FTC Workshop," will explore whether to update COPPA in light of evolving business practices in the online children's marketplace. The workshop is scheduled to take place on October 7, 2019 in Washington, D.C. and will be webcast live on the FTC's website.
Workshop topics will include:
- How the development of new technologies or business models, the evolving nature of privacy harms, and changes in the way parents and children use websites and online services affect children's privacy today;
- How the Rule should address parental consent for education technology vendors that collect personal information consented to by schools, following discussions that occurred during the FTC's December 2017 Student Privacy and Ed Tech workshop;
- Whether the Rule should include a specific exception to parental consent for audio files containing a child's voice that website operators collect and then promptly delete;
- Whether the Rule should permit general audience platforms to rebut the presumption that all users of child-directed content are children, and if so, under what circumstances;
- Whether the revisions to the Rule made in 2013 have worked as intended or require modification; and
- Whether the Rule should be amended to better address websites and online services that do not include traditionally child-oriented activities but that have large numbers of child users.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Now It's Personal: Google Hit With First Heavy GDPR Fine (Video)
