The Federal Trade Commission is proposing changes to the Children's Online Privacy Protection Rule, which is mandated by the Children's Online Privacy Protection Act, or COPPA. The COPPA Rule governs the information that websites can request from visitors under the age of 13, and the agency is requesting public comments on the proposed changes.
The proposed modifications are in the area of definitions, parental notice, parental consent mechanisms, confidentiality and security of children's personal information, and the role of self-regulatory "safe harbor" programs. The federal agency is looking to receive written comments no later than Nov. 28.
Modifying 'Personal Information'
The rule requires parental notice and consent for the collection of personal information from children under 13, requires the information be kept secure , and prohibits children from being conditioned to participating in activities that require more personal information than is required.
COPPA specifies that websites and online services directed toward children under 13, or any site that knows they are collecting information from users under that age, must obtain parental consent before collecting, using or disclosing that information. In 2000, the FTC implemented its rule, based on the COPPA statute, and, after a review in 2005, reviewed the rule and kept it without changes.
In April of last year, the FTC sought public comment on the rule, because of rapid changes in the technology and how children now use the Net.
The technological and usage changes include geo-location information and tracking cookies or other persistent identifiers. The FTC proposes to modify the definition of "personal information" to include those components, and it also proposes to modify the definition of "collection" to allow children's participation in interactive communities without parental consent, as long as the site or service operators "take reasonable measures to delete all or virtually all children's personal information before it is made public."
Streamlining Parental Notice
To streamline parental notice, the agency is recommending that key information be presented to parents in a brief "just in time" notice, and not only in a privacy policy. It also is proposing new ways of obtaining parental consent, including scans of signed parental consent forms, video-conferencing, or use of government-issued ID checked against a database , as long as the ID is deleted after verification.
It also wants to eliminate one of the forms of parental consent, known as "email plus," where the operator can obtain consent via email sent to the parent when the personal information is collected only for internal use.
The FTC also seeks to strengthen requirements for confidentiality and security, such that operators ensure any third-parties, including service providers, have "reasonable procedures" to protect a child's personal information, that they retain the information only as long as is reasonably needed, and that they properly delete it.
For "safe harbor" self-regulatory programs, the agency wants such programs to audit their members annually and report the results of the audits.
0 komentar:
Post a Comment