House SubCommittee Looks at Proposed Revisions to COPPA

House SubCommittee Looks at Proposed Revisions to COPPA

The Federal Trade Commission (FTC) recently revealed its proposed amendments to the Children’s Online Privacy Protection Rule (COPPA). COPPA requires that operators of websites or online services notify parents and obtain their consent when collecting, using, or disclosing the personal information of children under the age of 13. FPF shares the FTC’s visions to protect children online and fully supports the Commission’s intention to revise the current rule in response to changing technologies.

Tomorrow, October 5, 2011, the SubCommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee holds a hearing titled Protecting Children’s Privacy in an Electronic World. We look forward to the discussion. We are still reviewing the proposed revisions to the Rule and will be filing formal comments. Generally, we think that keeping the age restriction at under 13 makes sense as do many of the changes proposed by the FTC. Other points raised, such as the extent that companies will be able to be responsible for unrelated 3rd parties may be a challenge for some businesses. But we are also not entirely clear about the intention of the FTC in some areas, such as location and tracking, and are hoping for some clarification so we and others can comment in a useful way.


The FTC proposes to amend the statutory definition of “personal information” to include include: (1) an identifier that links the activities of a child across different Websites or online services and (2) geolocation information. With regard to identifiers, it is clear that the FTC has been concerned about companies that create and use behavioral profiles to advertise to children. We don’t think any responsible company does this and support the proposed effort to ensure that doing so is a violation of the Rule. But the revision as worded would seem to cover any advertising on a kids site that would track which ads are bringing users to an advertiser’s site, even if the data is used in the aggregate. The same data that is collected and logged for basic analytics and ad reporting, logged individually but used in aggregate, is generally the same data that can be mined for use in behavioral advertising. Is the intention to restrict any collection of tracking data across sites, even if used in a more limited way? Or is the FTC staking out a broad position because the data is kids data? Is this a precursor of the FTC’s final position on Do Not Track and collection limits which we may see in their upcoming broader privacy report? Clarification will be useful here.


In addition, a better understanding of the proposal to include precise geolocation information as personal information that requires consent before collection will be useful. Clearly there are instances where precise location can be used in a very “personal” manner, enabling a user to be identified or contacted. In other instances, precise location is a simple service that can help a user find where they are on a map or to find nearby resources. What obligations are imposed on an app developer providing a kids app that collects no personal information, but which includes an option to “show me directions from my location to this place”? Since the location consent mechanisms are created by Apple’s iOS mobile operating system and by Google’s Andriod system, what options does an app developer have?

We hope the hearing will get into these issues. We welcome your thoughts. FPF will be submitting comments to the FTC on these as well as others proposals set forth in the report. The deadline for filing is November 28, 2011.

Leave a Reply

Privacy Calendar

8:30 am Privacy as a Profit Center: Leve... @ Old Slip by Convene
Privacy as a Profit Center: Leve... @ Old Slip by Convene
Jan 26 @ 8:30 am – Jan 27 @ 4:15 pm
Learn how those on the leading edge of privacy governance and digital innovation from companies including Cigna, Cisco Systems, eBay Inc. Public Policy Lab, FocusMotion,Ghostery, Goodyear Tire & Rubber Company, Google, HP Enterprise Security Products, JPMorgan[...]
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
all-day Global Privacy Summit 2015
Global Privacy Summit 2015
Mar 4 – Mar 6 all-day
For more information, click here.
6:00 pm CDT Annual Dinner “TechProm” 2015
CDT Annual Dinner “TechProm” 2015
Mar 10 @ 6:00 pm – 9:00 pm
Featuring the most influential minds of the tech policy world, CDT’s annual dinner, TechProm, highlights the issues your organization will be facing in the future and provides the networking opportunities that can help you tackle[...]
all-day BCLT Privacy Law Forum
BCLT Privacy Law Forum
Mar 13 all-day
This program will feature leading academics and practitioners discussing the latest developments in privacy law. UC Berkeley Law faculty and conference panelists will discuss cutting-edge scholarship and explore ‘real world’ privacy law problems. Click here[...]
all-day PL&B’s Asia-Pacific Roundtable (...
PL&B’s Asia-Pacific Roundtable (...
May 27 all-day
PROFESSOR GRAHAM GREENLEAF, Asia-Pacific Editor, Privacy Laws & Business International Report, will lead a roundtable on the countries of most interest to business in the Asia-Pacific region. Click here for more information.
all-day PL&B’s 28th Annual International...
PL&B’s 28th Annual International...
Jul 6 – Jul 8 all-day
The Privacy Laws & Business 27th Annual International Conference featured more than 40 speakers and chairs from many countries over 3 intensive days. At the world’s longest running independent international privacy event participants gained professionally by[...]

View Calendar