House SubCommittee Looks at Proposed Revisions to COPPA

House SubCommittee Looks at Proposed Revisions to COPPA

The Federal Trade Commission (FTC) recently revealed its proposed amendments to the Children’s Online Privacy Protection Rule (COPPA). COPPA requires that operators of websites or online services notify parents and obtain their consent when collecting, using, or disclosing the personal information of children under the age of 13. FPF shares the FTC’s visions to protect children online and fully supports the Commission’s intention to revise the current rule in response to changing technologies.

Tomorrow, October 5, 2011, the SubCommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee holds a hearing titled Protecting Children’s Privacy in an Electronic World. We look forward to the discussion. We are still reviewing the proposed revisions to the Rule and will be filing formal comments. Generally, we think that keeping the age restriction at under 13 makes sense as do many of the changes proposed by the FTC. Other points raised, such as the extent that companies will be able to be responsible for unrelated 3rd parties may be a challenge for some businesses. But we are also not entirely clear about the intention of the FTC in some areas, such as location and tracking, and are hoping for some clarification so we and others can comment in a useful way.


The FTC proposes to amend the statutory definition of “personal information” to include include: (1) an identifier that links the activities of a child across different Websites or online services and (2) geolocation information. With regard to identifiers, it is clear that the FTC has been concerned about companies that create and use behavioral profiles to advertise to children. We don’t think any responsible company does this and support the proposed effort to ensure that doing so is a violation of the Rule. But the revision as worded would seem to cover any advertising on a kids site that would track which ads are bringing users to an advertiser’s site, even if the data is used in the aggregate. The same data that is collected and logged for basic analytics and ad reporting, logged individually but used in aggregate, is generally the same data that can be mined for use in behavioral advertising. Is the intention to restrict any collection of tracking data across sites, even if used in a more limited way? Or is the FTC staking out a broad position because the data is kids data? Is this a precursor of the FTC’s final position on Do Not Track and collection limits which we may see in their upcoming broader privacy report? Clarification will be useful here.


In addition, a better understanding of the proposal to include precise geolocation information as personal information that requires consent before collection will be useful. Clearly there are instances where precise location can be used in a very “personal” manner, enabling a user to be identified or contacted. In other instances, precise location is a simple service that can help a user find where they are on a map or to find nearby resources. What obligations are imposed on an app developer providing a kids app that collects no personal information, but which includes an option to “show me directions from my location to this place”? Since the location consent mechanisms are created by Apple’s iOS mobile operating system and by Google’s Andriod system, what options does an app developer have?

We hope the hearing will get into these issues. We welcome your thoughts. FPF will be submitting comments to the FTC on these as well as others proposals set forth in the report. The deadline for filing is November 28, 2011.

Leave a Reply

Privacy Calendar

10:00 am Privacy Principles in the Era of Massive Data @ Georgetown Law Center
Privacy Principles in the Era of… @ Georgetown Law Center
Apr 22 @ 10:00 am – 12:00 pm
Experts from the public and private sectors will join public policy experts from the Georgetown University McCourt School of Public Policy and privacy law experts [...]
all-day 6th Biannual International Surveillance & Society Conference
6th Biannual International Surve…
Apr 24 – Apr 25 all-day
The 6th Biannual International Surveillance & Society conference hosted by the University of Barcelona and supported by the Surveillance Studies Network is currently calling for [...]
12:00 pm Data Privacy in Education: Ensuring Student Security while Encouraging Innovation in K-12 Education @ Rayburn House Office Building, Room B-354
Data Privacy in Education: Ensur… @ Rayburn House Office Building, Room B-354
Apr 24 @ 12:00 pm – 1:00 pm
The Congressional E-Learning Caucus in cooperation with Into and the National Coalition for Technology in Education and Training presents a luncheon to discuss “Data Privacy [...]
all-day IAPP Europe Data Protection Intensive 2014
IAPP Europe Data Protection Inte…
Apr 29 – May 1 all-day
The IAPP Europe Data Protection Intensive features timely programming centred on the top issues impacting the European data protection community, with a focus on addressing [...]
5:30 pm InSecurity: Race, Surveillance and Privacy in the Digital Age @ New America Foundation
InSecurity: Race, Surveillance a… @ New America Foundation
Apr 30 @ 5:30 pm – 7:30 pm
Now more than ever, digital tools sit at a precarious tipping point, and many question whether they will be used to address pre-existing disparities, [...]
all-day IAPP Canada Privacy Symposium 2014
IAPP Canada Privacy Symposium 2014
May 7 – May 9 all-day
The IAPP Canada Privacy Symposium is the leading conference for education, debate and discussion of issues that matter most to Canadian privacy and data protection [...]
all-day Privacy Law Scholars Conference (7th Annual) @ The George Washington School of Law
Privacy Law Scholars Conference … @ The George Washington School of Law
Jun 5 – Jun 6 all-day
  UC Berkeley School of Law and The George Washington University Law School will be holding the seventh annual Privacy Law Scholars Conference (PLSC) on [...]
all-day Computers, Freedom, and Privacy 2014 Conference @ Airlie Center
Computers, Freedom, and Privacy … @ Airlie Center
Jun 8 – Jun 10 all-day
Mark your calendars! The 2014 Computers, Freedom, and Privacy Conference will be held June 8-10 at the Airlie Center in Warrenton, Virginia. The Airlie Center [...]

View Calendar