The US Federal Trade Commission (FTC) adopted amendments to the Children’s Online Privacy Protection Act, designed to give parents greater control over personal information their children share with online services and apps.
Earlier this month the FTC issued a report into the privacy practices of apps targeting children, noting that “our study shows that kids’ apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents”.
The changes include closing a loophole that allows apps aimed at children to permit third parties to collect personal information through plug-ins without parental notice or consent. COPPA compliance should also extend to third parties in these cases.
The list of personal information that cannot be collected without parental notice now includes geolocation information, photos and videos.
The move comes after an FTC review to ensure the COPPA Rule keeps up with evolving technology and the changing way children use and access the internet – including the use of mobile devices. COPPA applies to children under the age of 13.
Other areas now covered by the COPPA Rule include persistent identifiers that can recognise users over time, such as IP addresses and mobile device IDs; and strengthened data security protection to ensure online service operators adopt reasonable procedures for data retention and deletion, and take steps to ensure children’s personal information only goes to companies capable of keeping it secure and confidential.
The COPPA Rule was mandated when the US Congress passed the Children’s Online Privacy Protection Act of 1998. The final amended COPPA Rule will take effect on 1 July 2013.