Enhancements to Children’s Online Privacy: The Proposed Revisions to the COPPA Rule

by | Jan 14, 2024

The Federal Trade Commission (FTC) has proposed changes to the Children’s Online Privacy Protection Rule (COPPA Rule) to better protect children’s online privacy in the ever-changing digital world. These changes aim to safeguard children’s personal information and ensure compliance with new laws, reflecting the growing concern for privacy in the digital age.

Originally established in 1999, the COPPA Rule provided federal protection for children’s online personal information. However, as privacy concerns continue to arise, the rule has gone through several changes, with more on the way.

One important part of the proposed changes is the broader definition of “personal information.” Under the new definition, biometric data, like fingerprints or facial recognition, would be included in the protected data category. This broader definition acknowledges the increased use of biometric technology and the need to protect children’s sensitive information.

Another crucial provision aims to stop operators from using online contact information to manipulate user attention or engagement without parental consent. This provision addresses concerns about manipulative advertising that exploits children’s personal data, ensuring that their privacy rights are strengthened.

Recent cases of COPPA violations by companies, like the settlement between Microsoft and the FTC, emphasize the importance of following the rule and the need for clearer guidelines in our ever-changing digital world. The proposed changes aim to address these concerns and provide better guidance for companies and operators.

Furthermore, the changes establish clear rules regarding the collection of personal information for educational purposes. The proposal clarifies that schools can allow the collection of personal information, giving legal certainty to education technology providers. This provision recognizes the growing role of technology in education while protecting children’s privacy.

Moreover, the changes would require operators to get separate parental consent for sharing children’s personal information with third parties, including targeted advertising. This provision aims to give parents more control over their children’s data and limit the potential exploitation of personal information for commercial gain.

Data security is also a key focus of the proposed changes. The changes expand the COPPA Rule’s data security requirements, giving more guidance on reasonable procedures and steps for protecting children’s information. Operators would need to establish and implement a comprehensive written security program to effectively protect children’s personal data.

Additionally, the proposal strengthens provisions related to data deletion and retention, limiting the keeping of personal information to the specific purpose for which it was collected. This provision ensures that companies do not keep children’s data for longer than necessary, reducing the risk of unauthorized access or potential misuse.

To encourage industry self-regulation, the FTC allows industry groups to apply for Safe Harbor programs, which allow the approval of self-regulatory programs by the Commission. This collaborative approach between industry stakeholders and the FTC ensures compliance with COPPA regulations.

These proposed changes show a growing interest in protecting children’s privacy through legislation and regulation. As technology continues to advance, it is important to adapt regulations to address emerging concerns and protect the most vulnerable users of online platforms.

In conclusion, the proposed changes to the COPPA Rule are a significant step in strengthening children’s online privacy. By expanding the definition of personal information, enhancing data security requirements, and clarifying guidelines for educational purposes, the FTC aims to provide strong safeguards for children’s online data. As these changes undergo further review and potential adoption, companies that handle children’s data must stay informed and ensure compliance with evolving legal requirements. Ultimately, the protection of children’s privacy in the digital age must be a priority.