Alterations to rule change proposals for protecting children online would still prevent personal info from being collected from kids under 13 for behaviorally-targeted ads. The Federal Trade Commission introduced proposed changes to the Children’s Online Privacy Protection Rule, known as COPPA.
In particular, the FTC proposed altering the definition of “personal information” in the COPPA law “to make clear that a persistent identifier will be considered personal information where it can be used to recognize a user over time, or across different sites or services, where it is used for purposes other than support for internal operations.” COPPA applies to sites and online services aimed at children under age 13.
The new proposal goes into more detail, and appears to be in direct response to several comments from digital companies and trade groups. Now, the rule would not apply to “personal information” collection for basic website operations including “site maintenance and analysis, performing network communications, use of persistent identifiers for authenticating users, maintaining user preferences, serving contextual advertisements, and protecting against fraud and theft.”
Still, the FTC’s proposal would prevent the use of personal info to be collected for behaviorally-targeted ads.
The Interactive Advertising Bureau’s own self-regulatory guidelines already block behaviorally-targeted ads from being delivered to users known to be under age 13, as well as collection of any data that can be associated with a device whose user is known to be under 13.
The new proposal – open to comments until September 10 – does seem to take specific industry concerns into account. In 2011, when the FTC unveiled its proposed changes, trade groups including the IAB and the Digital Advertising Alliance, along with Google, Yahoo, and other big online ad firms submitted comments expressing concern that the new rules were overreaching. Expansion of the personal information definition would allow COPPA to apply to “routine advertising and analytics activities that do not involve behavioral targeting or individual contact,” wrote the IAB at the time.
In response, Google expressed concern that even contextual ads – meaning ads that are aimed based on the content of a web page rather than a user’s perceived interests or previous web interactions – would require parental consent. “Even purely contextual advertising delivered by third-party ad networks like Google’s requires the collection of IP addresses for at least fraud detection and reporting purposes,” stated Google’s 2011 comments to the FTC.
Today the FTC also made clear that COPPA applies to ad networks when they have reason to know they are collecting personal information through a “child-directed website or online service.” In addition, the changes would allow sites with audiences including kids and adults to age-screen users rather than requiring them to treat all users as under age 13.
The FTC announced its original proposed changes to COPPA in September 2011, years before the next scheduled review in 2017. The rules originated in 2000.