Huge FTC Plan to Strengthen Children's Online Privacy Rules

In order to redefine the manner in which digital businesses manage the personal information of children, the Federal Trade Commission (FTC) is proposing significant revisions to the Children’s Online Privacy Protection Act (COPPA) Rule.

As a result of these adjustments, the duty for providing a healthy and secure digital environment for children has shifted from parents to service providers.

FTC Proposes Changes to COPPA

In a time when online tools play a significant role and sophisticated digital technologies are being used to monitor youngsters, the Chair of the Federal Trade Commission, Lina Khan, stressed the time-sensitive nature of these changes. The modifications that have been suggested are in line with the overarching objective of providing children with a safe and secure digital environment.

“The proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life-and where firms are deploying increasingly sophisticated digital tools to surveil children,” Khan stated in a prepared statement.

“By requiring firms to better safeguard kids’ data, our proposal places affirmative obligations on service providers and prohibits them from outsourcing their responsibilities to parents,” said the researcher.

Websites and online services that collect personal information from children under the age of 13 are required by the Children’s Online Privacy Protection Act (COPPA Rule), which was established in the year 2000, to provide notice to parents and acquire verifiable parental consent.

The personal data that these platforms are able to acquire is restricted, there are restrictions placed on the amount of data that may be retained, and the implementation of security measures is required. In its most recent proposal, which was provided in the form of a notice of proposed rulemaking, the Federal Trade Commission (FTC) solicits public feedback on a number of significant modifications to the Children’s Online Privacy Protection Act (COPPA) Rule.

What Are the Proposed Changes by FTC?

Among the modifications that are being proposed are the following: a prohibition against conditioning access to services on disclosing personal information; a prohibition against collecting more personal information than is necessary for a child’s participation in an activity; and a requirement for separate verifiable parental consent for targeted advertising.

In the absence of verifiable parental consent, operators who use permanent identifiers are required to give an online notice that details the internal procedures for which the identifier is acquired.

It is imperative that the notice guarantees that the identifier will not be utilized or revealed for the purpose of contacting a particular individual, including for the purpose of targeted advertising. The use of persistent identifiers and online contact information by operators in order to send push notifications to children in an effort to encourage them to use their service more frequently falls under the prohibition.

It is proposed that the existing guidance be codified, that the commercial exploitation of children’s information in educational technology be prohibited, and that further safeguards be introduced.

In order to improve the transparency and accountability of COPPA Safe Harbor programs, it would be necessary for each program to reveal its membership list to the public and report any additional information to the Commission.

The establishment, implementation, and ongoing maintenance of a written children’s personal information security program that is relevant to the level of sensitivity of the data acquired would be strictly enforced by the operators.

It would be possible to strengthen data retention limitations, which would allow for the retention of personal information only for the precise purpose for which it was collected, ban its use for secondary purposes, and ensure that operators do not keep the information for an indefinite period of time.

Additionally, modifications to some definitions within the rule are being proposed. One of these modifications is an expansion of the meaning of “personal information” to include biometric identifiers under the rule.

As part of the Federal Trade Commission’s (FTC) commitment to engaging stakeholders and ensuring a comprehensive and effective regulatory framework for children’s online privacy, the public is being encouraged to provide views on these proposed modifications within a period of sixty days.