Today, the Federal Trade Commission voted to update the Children’s Online Privacy Protection Act (COPPA), bringing it up to speed with modern tracking technologies that didn’t exist when the law was passed in 1998.
Abine was one of more than 50 organizations that signed on to a letter pushing for the changes, organized by the Center for Digital Democracy and delivered to the Commission last week. More than 10,000 individuals also signed online petitions calling for changes to COPPA.
The biggest changes to COPPA are as follows:
1. Companies may not track and target children under 13 with behavioral advertising by using cookies, IP addresses, or other persistent identifiers. By “persistent identifiers,” they mean tools or tracking methods that help companies to recognize users over time across platforms without having to know their names.
2. Photographs, geo-location, visual and audio files, and other visual representations of children under 13 are now included in the definition of “personal information” that companies must get express verifiable parental consent before they may collect or use.
3. Social networks–which up until now have managed to avoid COPPA–will now have to take more responsibility for their collection practices because they’re liable under COPPA when they know that they are on child-directed websites.
One of the most important changes is the recognition that tracking data is personally-identifiable information, despite what the advertising industry says. Online tracking can and does identify individuals, including children, and puts their privacy and security at risk.
This is a huge step forward in protecting kids’ online privacy, but the law alone isn’t enough to ensure protection: the FTC will need to make sure that websites are following the rules and punish bad actors who aren’t.