Connect with us

Hi, what are you looking for?



FTC Proposes Strengthening Children’s Online Privacy Rules to Address Tracking, Push Notifications

The FTC has proposed strengthening children’s online privacy rules to address tracking and push notifications.

The Federal Trade Commission is proposing sweeping changes to a decades-old law that regulates how online companies can track and advertise to children, including turning off targeted ads to kids under 13 by default and limiting push notifications.

The federal Children’s Online Privacy Protection Act, or COPPA, requires kid-oriented apps and websites to get parents’ consent before collecting personal information of children under 13. COPPA was enacted in 1998, went into effect in 2000 and was last updated a decade ago.

“Kids must be able to play and learn online without being endlessly tracked by companies looking to hoard and monetize their personal data,” said FTC Chair Lina Khan in a statement. “The proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life — and where firms are deploying increasingly sophisticated digital tools to surveil children.”

Children’s online safety advocates applauded the announcement.

“The commission’s plan will limit data uses involving children and help prevent companies from exploiting their information,” said Katharina Kopp, director of policy at the nonprofit Center for Digital Democracy. “These rules will also protect young people from being targeted through the increasing use of AI, which now further fuels data collection efforts. Young people 12 and under deserve a digital environment that is designed to be safer for them and that fosters their health and well-being.”

Here are some of the changes the FTC is proposing:


Apps, games and websites used by children would be required to obtain “separate, verifiable parental consent” to disclose information about kids under 13 to third-party advertisers, unless the disclosure is “integral” to the nature of the online service. And they won’t be able to deny access to the games and apps just because parents don’t agree to having their children’s information disclosed — which is possible today.

Advertisement. Scroll to continue reading.


Operators would be prohibited from using online contact information and “persistent identifiers” such as cookies that track a child’s activity online to send push notifications to children to prompt or encourage them to use their service more.


The FTC is proposing codifying its current guidance related to the use of education technology to prohibit commercial use of children’s information, among other safeguards. The proposed rule would allow schools and school districts to allow educational technology providers to collect, use, and disclose students’ personal information — but only for a school-authorized educational purposes and not for any commercial use.


The proposed rules would only allow companies to keep personal information for “as long as necessary to fulfill the specific purpose for which it was collected.” They would also prohibit operators from using retained information for any secondary purpose and from retaining the information indefinitely. The Rule would also require operators to establish a written, public data retention policy for children’s personal information.

Related: Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data

Related: TikTok Hit by US Lawsuits Over Child Safety, Security Fears

Written By


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...


The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.