A proposed update of the U.S. online privacy rule for children would revise definitions of personal information and beef up parental consent mechanisms to reflect technological changes.
The Federal Trade Commission plan would modify its Children's Online Privacy Protection Rule that gives parents a say over what information websites and other online providers can collect about children under the age of 13.
"In this era of rapid technological change, kids are often tech savvy but judgment poor," FTC Chairman Jon Leibowitz said in a statement on Thursday.
The FTC plan makes clear that privacy protections apply when a child is on a cell phone, playing interactive games online or participating in a virtual world. It further clarifies that the law requires parental consent before behaviorally profiling a child.
The Children's Online Privacy Protection Act (COPPA) of 1998 requires websites and online service operators to obtain verifiable consent from parents before collecting, using or disclosing personal information of children.
New consent mechanisms, such as video-conferencing and electronic scans of signed consent forms, are added under the FTC's proposal. The commission wants to eliminate a form of parental consent known as "email plus," that allows operators to obtain consent through an email to the parent, coupled with another step.
"We want to ensure that the COPPA Rule is effective in helping parents protect their children online, without unnecessarily burdening online businesses," Leibowitz said.
The FTC implemented the privacy law in 2000 with its rule that has not been updated since, despite a 2005 review.
"One of the biggest changes is the rapid growth of mobile and how quickly it has penetrated into the children's marketplace," American University communications professor Kathryn Montgomery said of the need to update the rule.
Montgomery led the campaign to have COPPA enacted in 1998. She told a conference call with reporters that greater sophistication in behavioral targeting and tracking in recent years also warranted updates to the rule.
The FTC's proposal updates the definition of "personal information" to require parental permission before identifiers like IP addresses and tracking cookies could be collected while children surf the Internet.
Location information, often collected by mobile devices and applications, would also be added to the list of covered personal information.
Lawmakers have raised concerns that tech companies may not be doing enough to safeguard their customers' privacy in favor of selling location data to potential advertisers.
Representatives Edward Markey and Joe Barton praised the FTC's proposed revisions, which include many of the same safeguards the lawmakers introduced in May with their bipartisan Do Not Track Kids Act.
The online industry expressed a commitment to protecting children but had concerns about some of the revisions, such as eliminating the "sliding scale" approach that determines the required method of consent based on how a website intends to use a child's personal information.
"It would be a disservice to our children - and the U.S. economy - if our regulations unnecessarily inhibited growth in new areas such as mobile technology," said Linda Woolley, executive vice president of Washington operations for the Direct Marketing Association.
The FTC is seeking comment on the proposal until November 28.
(Reporting by Jasmin Melvin in Washington; Editing by Tim Dobbyn)