FTC moves to tighten digital privacy protection rules for kids


The Federal Trade Commission on Thursday outlined a series of revisions to the decade-old Children's Online Privacy Protection Act, proposing to revamp the legislation to cover smartphone apps, social media sites and other recent technological advances inadequately addressed by existing regulations.

The Children's Online Privacy Protection Act requires companies to obtain parental consent before collecting any personal data about a child under the age of 13. The FTC proposes expanding the definition of personal information to include a child's location, personal data collected via cookies for targeted advertising and facial recognition technology. In addition, digital services that collect a child's information will be required to protect the data, keep it "for only as long as is reasonably necessary" and then delete it. The FTC also wishes to update how companies and services obtain parental consent, transitioning beyond the current two-step e-mail and authorization process to mandate scanned versions of signed consent forms and videoconferencing.

The FTC cited "an explosion in children's use of mobile devices, the proliferation of online social networking and interactive gaming" as catalysts behind its decision to update the legislation. FTC chairman Jon Leibowitz described children as "tech-savvy, but judgment-poor," adding "We want to ensure that the COPPA Rule is effective in helping parents protect their children online, without unnecessarily burdening online businesses."

The FTC has already taken measures to illustrate that existing privacy regulations extend to the mobile applications ecosystem. In mid-August, it handed down a $50,000 fine against W3 Innovations, the parent firm of iOS developer Broken Thumbs Apps, after the company collected children's personal data in games like Zombie Duck Hunt, Truth or Dare, and Emily's Dress Up. The FTC alleges that Broken Thumbs titles "collected, maintained, and/or disclosed personal information" entered into its apps, which target young gamers--the complaint adds the developer collected and maintained a list of more than 30,000 e-mails as well as personal information from roughly 600 users.

Two bills introduced in mid-June in the U.S. House of Representatives and Senate propose new restrictions on how both government agencies and private firms can collect and implement user location data. Specifically, the bills mandate that companies including Apple (NASDAQ:AAPL), Google (NASDAQ:GOOG) and their software developer partners obtain express consent from smartphone and tablet users before sharing their information with third parties.

The Location Privacy Protection Act, spearheaded by Sen. Al Franken (D-Minn.), chairman of the Judiciary Subcommittee on Privacy, Technology and the Law, and Sen. Richard Blumenthal (D-Conn.), vows to close loopholes in federal law to guarantee that consumers know what location data is collected and give them the option to decide whether they wish to share it. The Geolocation Privacy and Surveillance (GPS) Act, proposed by Sen. Ron Wyden (D.-Ore.) and Rep. Jason Chaffetz (R.-Utah), would require law enforcement agencies to get a warrant to track a citizen's location via mobile phone or special tracking device.

For more:
- read this New York Times article

Related articles:
Legislation mandates companies get consent before sharing location data
Senator pressures Apple, Google to mandate developer privacy policies
Senators call for smartphone location tracking law
Apple, Google urged to police developer location data use
Apple fixes location tracking glitch with iOS 4.3.3 update