WASHINGTON – US regulators unveiled new rules Wednesday aimed at strengthening online privacy protection for children, to reflect the growing use of mobile apps and social networks.
The Federal Trade Commission said its updated rules require online services to get consent from parents if they are aimed at children under 13 or know that they are collecting personal information from young children.
But FTC chairman Jon Leibowitz said the Children’s Online Privacy Protection Act would not include stricter proposals which would have made companies liable for “plug-ins” such as the Facebook “like” button or Twitter’s “tweet” button.
“The Commission takes seriously its mandate to protect children’s online privacy in this ever-changing technological landscape,” said Leibowitz.
“I am confident that the amendments to the COPPA Rule strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities.”
Leibowitz told reporters that websites will still be able to direct ads to children, and that “the only limit we place is on behavioral advertising,” which is based on a person’s browsing activity.
“Until you get parental consent, you may not build massive profiles of children to deliver advertising,” the regulator said.
The rules close some loopholes on online operators who can be liable for violations of the law, which was passed by Congress in 1998.
But the regulations note that, in light of comments received on a draft, the FTC decided the rules should not encompass platforms such as Google Play or the App Store, that offer access to “someone else’s child-directed content.”
Third-party plug-ins will be responsible only where they have “actual knowledge that they are collecting personal information from users of a child-directed site.”
Leibowitz said the FTC “struggled with this” issue and sought to avoid rules which clamped down on operators to force them to create a “sanitized” Internet for older children and adults.
“We think where we ended up was both balanced and very very strong,” he said. “We did two rounds of comments because we wanted to get it right and we wanted to listen to everybody.”
The proposal drew hundreds of comments, including some who feared Facebook could be held liable if it allowed young children to hit the “like” button without getting parental consent.
Senator Jay Rockefeller, who joined the news conference unveiling the updated rules, said they were as strong as the law allowed.
“The FTC really went as far as they could,” Rockefeller said.
“There will be groups that will complain about it and so will I. But we can’t do anything about it because the FTC is governed by law.”
Jeff Chester, executive director of the Center for Digital Democracy, which lobbies for greater privacy protections, called the FTC move “a major step forward” but warned that it may not be effective.
“We are concerned about possible loopholes that could undermine the intent of the rules,” he said, adding that his group would maintain “file complaints against any company that violates the new rules.”
Meanwhile the Center for Democracy & Technology said it was concerned the rules could be harmful to an open Internet.
“The updated definition of when a website is ‘directed to children’ could expand COPPA’s reach to general audience sites and confuse website owners as to whether these new rules apply to them,” the group said in a statement.
This uncertainty “could lead to many more sites demanding age or identifying information from all users before allowing access” which “runs counter to the First Amendment right to access information anonymously and increases the collection of potentially sensitive information generally.”
The Application Developers Alliance said it was “deeply concerned that the new regulations will be so expensive to implement and create so much risk that talented and responsible developers will abandon the children’s app marketplace.”