FTC beefing up rules for protecting kids' privacy online

Summary:Some of the changes to the FTC's online privacy rule for kids include updating the list of personal data that can't be collected without parental consent to extend to geolocation info and photos.

Just a little more than a week after publishing a report voicing serious concerns over mobile apps directed at children, the Federal Trade Commission is taking more decisive action.

See also: We need standard disclosure for online privacy. Here's how

The FTC announced on Wednesday that it will be updating and "strengthening" the Children’s Online Privacy Protection (COPPA) Rule.

Originally adopted in 1998, the act is intended to require website operators and online services directed towards children under 13 to "give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and keep secure the information they collect from children.

In last week's report, the FTC argued that parents still don't have a clear picture of what kind of data is being collected about their children when it comes to mobile apps, in particular.

The last review of this rule was in 2010, and given the proliferation of social media (just look at the Instagram firestorm this week ) since then, an update now makes sense.

There are a number of more specific modifications to the COPPA Rule, which are listed in detail within the FTC's statement.

Along with clarifications to definitions as to what constitutes "personal information" or a website "operator," here are a few examples of the amendments:

  • The list of "personal information" that cannot be collected without parental notice and consent now includes geolocation information, photos, and videos.
  • The FTC is closing "a loophole," which apparently allowed apps and websites targeted towards kids to allow third-parties to collect personal info from them via plug-ins without parental notice and consent.
  • The COPPA Rule is being extended to blanket "persistent identifiers" that recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs.

Furthermore, the FTC stipulated that the final amended rule "also requires operators to retain children’s personal information for only as long as is reasonably necessary, and to protect against unauthorized access or use while the information is being disposed of."

FTC chairman Jon Leibowitz asserted in prepared remarks that he is confident that these changes will "strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities."

Topics: Privacy, Government, Government : US, Legal, Security

About

Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider, FastCompany.com, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for MainStreet.com, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.