FTC poised to release new rules to protect children’s online privacy

The Federal Trade Commission (FTC) is expected to soon overhaul regulations aimed at protecting the privacy of children when they are online.

At a recent event on Capitol Hill, FTC Chairman Jon Leibowitz said he hopes to announce his update to the Children's Online Privacy Protection Act (COPPA) this coming week.

The law, passed in 1998, restricts the ability of website operators to knowingly collect information from children younger than 13.

The agency proposed a draft revision in August, but companies including Facebook, Google and Disney warned that the changes would burden websites, stifle online commerce and infringe on constitutionally protected free-speech rights.

Although the agency is likely to tweak some of its proposals, observers expect the FTC to move ahead with a substantial overhaul of COPPA.

"I don't see the FTC retreating," said Linda Goldstein, a partner with the firm Manatt, Phelps & Phillips in New York who represented the Promotion Marketing Association.

She noted that protecting children's online privacy has been a top priority for the FTC, adding that the agency released a report last week slamming the mobile app industry for failing to meet basic privacy standards for children.

"Based on that report, we can expect to see a very expanded regulatory regime under COPPA," she predicted.

Jeff Chester, the executive director of the Center for Digital Democracy, a privacy advocacy group, agreed that the mobile app report indicates the commission is prepared for aggressive action.

"[The timing] wasn't a coincidence. I think the commission was signaling they had done their homework, and the industry had gotten a poor grade," he said.

The FTC's draft update to COPPA would clarify that the restrictions cover not only websites, but also games, apps, ad networks and other online plug-ins.

The proposal would expand the definition of personal information to cover photos, videos and geolocation data.

The rules would restrict the ability of websites to install tracking files, known as cookies, on children's computers. Advertisers install cookies to track users' browsing history and display targeted ads to them.

The FTC also proposed that site operators would trigger the privacy requirements if they had a "reason to know" that the user was a child. The law had previously required that site operators comply with the standards only if they had "actual knowledge" that the user was a child.

Chester said he expects the commission will relax the "reason to know" standard to address criticism from industry groups. But he expressed optimism that the agency will move ahead with its other proposed changes.

Jerry Cerasale, vice president of government affairs for the Direct Marketing Association, said he is concerned that the proposal covers devices instead of people.

He argued that if his grandchild uses his iPad to visit children's websites, that device could be identified as belonging to a child, even though he is the one who primarily uses it.

"It will affect your personalized experience and your enjoyment of the Web," he said.

He argued the proposed changes could confuse website owners and expose them to significant legal liability.

Cerasale said he supports the original version of COPPA and emphasized that FTC staffers have been receptive to feedback on the proposed revisions.

But he expressed fear that if privacy regulations go too far, they could hamper advertisers and eventually force free online services to begin charging.

Correction: A previous version of this article misstated Linda Goldstein's location. She is based in New York.