The Federal Trade Commission is publishing a Federal Register Notice seeking public comments on additional proposed modifications to the Children's Online Privacy Protection Rule.
In updating the Rule to keep current with technology advances, in September 2011, the FTC issued a Notice of Proposed Rulemaking seeking comment on proposed changes to the Commission's COPPA Rule. The Commission received 350 comments. In response to those comments and informed by its experience in enforcing and administrating the Rule, the FTC now proposes to modify certain definitions to clarify the scope of the Rule and strengthen its protections for the online collection, use, or disclosure of children's personal information.
The proposed modifications to the definitions of "operator" and "website or online service directed to children" would allocate and clarify the responsibilities under COPPA when third parties such as advertising networks or downloadable software kits ("plug-ins") collect personal information from users through child-directed websites or services. The Commission proposes to state within the definition of "operator" that personal information is "collected or maintained on behalf of" an operator where it is collected in the interest of, as a representative of, or for the benefit of, the operator. This change would make clear that an operator of a child-directed site or service that chooses to integrate the services of others that collect personal information from its visitors should itself be considered a covered "operator" under the Rule.
The Commission also proposes to modify the definition of "website or online service directed to children" to:
Finally, the Commission proposes to modify the Rule's definition of "personal information" to make clear that a persistent identifier will be considered personal information where it can be used to recognize a user over time, or across different sites or services, where it is used for purposes other than support for internal operations. In connection with this change, the Commission proposes to modify the definition of "support for internal operations" in order to explicitly state that activities such as: site maintenance and analysis, performing network communications, use of persistent identifiers for authenticating users, maintaining user preferences, serving contextual advertisements, and protecting against fraud and theft will not be considered collection of "personal information" as long as the information collected is not used or disclosed to contact a specific individual, including through the use of behaviorally-targeted advertising, or for any other purpose.
Because these changes diverge from those proposed in the September 2011 proposal, the Commission has determined they warrant additional public comment prior to finalizing the Rule.
Public comments on the Supplemental Notice of Proposed Rulemaking will be accepted until September 10, 2012. Instructions for submitting comments are found in the Notice. Comments can be submitted electronically by clicking here. The Commission vote approving the Federal Register Notice was 5-0.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.