by Joe Mullin – Dec 19 2012,
There is currently no federal online privacy law, which makes it essentially impossible for government agencies like the Federal Trade Commission to go after Internet companies unless they violate their own published privacy policies.
One area where that’s not true is when it comes to kids. When dealing with children under 13 years old, online service companies can’t collect personal information (like e-mail addresses) without explicit permission from a parent or guardian. The FTC can prosecute companies that gather kids’ data without parental consent. The commission has used that power, too, against both small developers and big companies like Sony.
Technology, and the terms used to regulate it, change over time. The Children’s Online Privacy Protection Act (or COPPA) was passed in 1998, and since then it has become unclear exactly what is or isn’t allowed. A new set of rules published by the FTC today doesn’t change existing law, but it should lend more clarity to enforcing privacy protection for kids in the changing tech world, especially when dealing with location technologies and mobile apps.
Specifically, the new rules:
#1 Make clear that the “personal information” that can’t be collected without parental consent includes geolocation information, photographs, and videos.
#2 Make clear that third parties (like advertising networks) must also comply with COPPA.
#3 Close a loophole that allowed kids’ information to be collected via plug-ins without parental notice
#4 Clarify that “persistent identifiers” are also protected information, like IP addresses and mobile device IDs
#5 Require that websites aimed at kids have “reasonable procedures” for data retention and deletion
Follow Radio Freedom on Facebook