In October 1999, the FTC issued the "Children's Online Privacy Protection Rule." The Rule went into effect on April 21, 2000. The Rule imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age (collectively "operators").
Among other things, the Rule requires that operators provide notice to parents and obtain verifiable parental consent prior to collecting, using, or disclosing personal information from children under 13 years of age. The Rule also requires operators to keep secure the information they collect from children and prohibits them from conditioning children's participation in activities on the collection of more personal information than is reasonably necessary to participate in such activities.
Further, the Rule contains a "safe harbor" provision enabling industry groups or others to submit to the Commission for approval self-regulatory guidelines that would implement the Rule's protections.
2005 FTC review Edit
COPPA and § 312.11 of the Rule required the Commission to initiate a review no later than five years after the Rule’s effective date to evaluate the Rule’s implementation. The Commission commenced this mandatory review on April 21, 2005. After receiving and considering extensive public comment on the Rule, the Commission determined in March 2006 to retain the COPPA Rule without change.
2010 FTC review Edit
On April 5, 2010, the Commission published a document seeking public comment on whether technological changes to the online environment over the preceding five years warranted any changes to the Rule. In this notice, the Commission posed 28 questions for the public’s consideration. In addition, the Commission identified several areas where public comment would be especially useful. First, the Commission asked whether the Rule’s current definitions are sufficiently clear and comprehensive, or whether they might warrant modification or expansion, consistent with the COPPA statute.
Among other questions, the Commission asked for comment on the application of the definition of "Internet" to mobile communications, interactive television, interactive gaming, and similar activities. Further, the Commission asked whether the Rule’s definition of "personal information" should be expanded to include other items of information that can be collected from children online and are not currently specified in the Rule, such as persistent IP addresses, mobile geolocation information, or information collected in connection with online behavioral advertising.
The Commission also sought comment on the use of automated systems for reviewing children’s web submissions (e.g., those that filter out any personally identifiable information prior to posting). In addition, the Commission asks whether change is warranted as to the Rule provisions on protecting the confidentiality and security of personal information, the right of parents to review or delete personal information, and the prohibition against conditioning a child’s participation on the collection of personal information.
Finally, the Commission sought comment about its role in administering the Rule’s safe harbor provisions.
In addition to the dialogue at the public roundtable, the Commission received 70 comments from industry representatives, advocacy groups, academics, technologists, and individual members of the public. The comments addressed the efficacy of the Rule generally, and several possible areas for change.
2011 FTC Review Edit
On September 15, 2011, the FTC announced that it is seeking public comment on proposed amendments to the Children’s Online Privacy Protection Rule. The Commission proposes modifications to the Rule in five areas: definitions, including the definitions of “personal information” and “collection,” parental notice, parental consent mechanisms, confidentiality and security of children’s personal information, and the role of self-regulatory “safe harbor” programs. The proposed Rule was published here.
- ↑ 64 Fed. Reg. 59888 (Oct. 20, 1999).
- ↑ See Children’s Online Privacy Protection Rule, 16 C.F.R. 312.3.
- ↑ See 16 C.F.R. 312.7 & 312.8.
- ↑ See 16 C.F.R. Part 312.10; 64 Fed. Reg. at 59906-59908, 59915.
- ↑ See 15 U.S.C. 6507; 16 C.F.R. 312.11.
- ↑ See Children’s Online Privacy Protection Rule, 71 Fed. Reg. 13247 (Mar. 15, 2006) (retention of rule without modification).
- ↑ See Request for Public Comment on the Federal Trade Commission’s Implementation of the Children’s Online Privacy Protection Rule (“2010 Rule Review”), 75 Fed. Reg. 17089 (Apr. 5, 2010).
- ↑ FTC, "FTC Seeks Comment on Proposed Revisions to Children’s Online Privacy Protection Rule" (Sept. 15, 2011) (full-text).