The Federal Trade Commission (FTC) is proposing significant changes to the Children's Online Privacy Protection Act (COPPA) Rule to redefine how digital services handle children's personal information.
These modifications shift the responsibility from parents to service providers, ensuring a safer digital environment for children.
FTC Proposes Changes to COPPA
FTC Chair Lina Khan emphasized the urgency of these changes in an era when online tools play a crucial role and sophisticated digital tools increasingly surveil children. The proposed adjustments align with the broader goal of ensuring a secure digital environment for children.
"The proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life-and where firms are deploying increasingly sophisticated digital tools to surveil children," Khan said in a statement.
"By requiring firms to better safeguard kids' data, our proposal places affirmative obligations on service providers and prohibits them from outsourcing their responsibilities to parents," she added.
Established in 2000, the COPPA Rule mandates websites and online services collecting personal information from children under 13 to provide notice to parents and obtain verifiable parental consent.
It also limits the personal data these platforms can collect, imposes constraints on data retention, and requires implementing security measures. The FTC's latest proposal, presented in a notice of proposed rulemaking, invites public input on several key adjustments to the COPPA Rule.
Read Also: FTC Warns Against QR Codes, Growing Cyber Attacks Reached 60,000
What Are the Proposed Changes by FTC?
Among the proposed changes are requirements for separate verifiable parental consent for targeted advertising, a prohibition against conditioning access to services on disclosing personal information, and reinforced bans on collecting more personal information than necessary for a child's participation in an activity.
Operators using persistent identifiers without verifiable parental consent must provide online notice specifying the internal operations for which the identifier is collected.
The notice should ensure that the identifier won't be used or disclosed for contacting a specific individual, including targeted advertising. Operators are prohibited from using online contact information and persistent identifiers to send push notifications encouraging children to use their service more.
The proposed rule codifies existing guidance, prohibits the commercial use of children's information in educational technology, and introduces additional safeguards.
Transparency and accountability of COPPA Safe Harbor programs would be enhanced, requiring each program to disclose its membership list publicly and report additional information to the Commission.
Operators would be mandated to establish, implement, and maintain a written children's personal information security program appropriate to the sensitivity of the collected data.
Data retention limits would be strengthened, permitting personal information to be retained only for the specific purpose for which it was collected, prohibiting its use for secondary purposes, and ensuring that operators do not keep the information indefinitely.
Additionally, changes to some definitions in the rule are proposed, including expanding the "personal information" definition to include biometric identifiers.
The public is invited to submit comments on these proposed changes within 60 days, reflecting the FTC's commitment to engaging stakeholders and ensuring a comprehensive and effective regulatory framework for children's online privacy.
Related Article: Meta Resists FTC Order
