FTC bolsters online children's privacy rules
The new rules require websites targeting children to get parental permission before collecting geolocation data and photos
IDG News Service - Websites, mobile apps and online advertising networks targeting children will be required to follow new privacy regulations, including getting a parent's permission before collecting geolocation information and photographs from kids, under new rules announced Wednesday by the U.S. Federal Trade Commission.
The new rules, a revision of existing regulations under the Children's Online Privacy Protection Act (COPPA), also require websites and other online services to get parental permission before collecting IP addresses and mobile devices IDs for children under age 13.
The changes to the rules, praised by privacy advocates, also require third-party companies collecting information on websites targeted at children to get a parent's permission, closing a "loophole" that allowed some plug-ins to collect children's personal information without getting permission, FTC Chairman Jon Leibowitz said during a press conference.
Changes to the FTC's COPPA rule are needed because the Internet has changed significantly, with an explosion of smartphones, mobile apps and social networking, since Congress passed COPPA in 1998, Leibowitz said.
"The Internet of 2012 is vastly different than the Internet of 14 years ago," he said. "Some companies, especially some ad networks, have an insatiable desire to collect information from kids."
The new rules, scheduled to go into effect in July, are designed to give online businesses that provide services to children clear guidelines about collecting personal data, Leibowitz said. The new rules do not prohibit advertising to children online, he said, but address the collection of personal data to deliver targeted, or behavioral, advertising.
"Our rule is simple, effective and straightforward," he said. "Until and unless you get parental consent, you may not track children to build massive profiles for behavioral advertising."
Four U.S. lawmakers attending the press conference praised the changes to the COPPA rules. The new rules will help prevent third-party companies on websites from using "technological tricks" to children's personal information, said Senator John "Jay" Rockefeller, a West Virginia Democrat.
Strengthening the rules is "so much a no-brainer," Rockefeller added. "It should be a universal issue."
The FTC, in strengthening the rules, is doing "the lord's work," said Representative Joe Barton, a Texas Republican.
The rules create a new, streamlined process at the FTC for online companies to propose new ways to get parental permission to collect information. The rules also require online companies to take reasonable steps to release children's personal information only to companies that can keep it secure and confidential.
Digital liberties group the Center for Democracy and Technology and e-commerce trade group NetChoice raised concerns that the new rules may target too many websites.
"COPAA should stay focused on websites that knowingly communicate with children -- not cast a net so wide it is impossible to comply with," Steve DelBianco, executive director of NetChoice, said by email. "I'm amazed at the ambiguity in determining whether a site is covered by COPPA. Despite two years of deliberation, the FTC still has not provided clarity the e-commerce industry needs."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts