Online Protections for Children Take a Turn for the Better

Children's Online Protections Ramp Up to Meet with Digital Landscape Evolution

In a world increasingly shaped by digital interactions, it's imperative to revisit and revise the protection of children online. The Federal Trade Commission’s (FTC) recently announced its intention to do just that with a proposed amendment to amend the Children’s Online Privacy Protection Act (COPPA).

The original enactment of COPPA in 1998, and its subsequent update in 2013, were pivotal moments in the ongoing battle to safeguard children’s personal information on the internet. The 2013 update in particular, responded to the rapid expansion of the digital landscape, addressing emerging technologies like social networks, apps, and the burgeoning realm of mobile devices—and all the expanded data collection that came along with it. This update broadened the definition of “personal information” to include geolocation data and cookies, adapting to the evolving methods of online tracking and data collection.

The digital ecosystem has continued to evolve at a breakneck pace in 2024, presenting new challenges and opportunities. The latest proposed amendments by the FTC acknowledge these profound shifts in technology and online behavior. They aim to fortify protections for our youngest and most vulnerable digital citizens amidst a growing landscape rife with sophisticated data-driven marketing and collection, the proliferation of connected devices, and an ever-expanding universe of online content targeting children using obvious and covert methods. These changes reflect a necessary and timely response to a digital ecosystem that has transformed significantly since COPPA’s last update well over a decade ago.

By vigilantly monitoring how technology has evolved and how our children and their data are at risk, the FTC is underscoring its commitment to being proactive and adapting legal safeguards to protect kids. This dedication reflects a deep understanding of the dynamic interplay between technology, privacy, and the rights of children in the digital world. These changes are intended to enhance and strengthen these protections in the evolving online environment, reflecting both technological advancements and how companies are changing their business and data collection & usage practices.

The proposed changes to the rule, include:

1. Separate Opt-In for Targeted Advertising: This would require verifiable parental consent to disclose information to third parties, including advertisers, unless integral to the website or service.
2. Prohibition Against Conditioning Participation: This strengthens the rule against conditioning a child's participation in activities on the collection of personal data, emphasizing an outright ban on collecting more information than necessary.
3. Limits on Support for Internal Operations Exception: Changes to this rule would require operators to provide specific details on their internal operations for which a persistent identifier is collected and ensure that it’s not used for contact or targeted advertising.
4. Limits on Nudging Kids to Stay Online: Operators would be banned from using collected information to send push notifications to children, which encourage them to use their service more.
5. Changes Related to Education Technology (Ed Tech): The proposed rule would allow schools to authorize ed tech providers to use students’ information only for educational purposes and ban commercial use.
6. Increasing Accountability for Safe Harbor Programs: This would involve greater transparency and reporting requirements for COPPA Safe Harbor programs.
7. Strengthening Data Security Requirements: Operators would need to establish a comprehensive security program for children’s personal information.
8. Limits on Data Retention: This change would allow personal information retention only as long as is necessary for its collected purpose, with a prohibition on using retained information for secondary purposes.

Additionally, the FTC proposes expanding the definition of “personal information” to include biometric identifiers, the use of which is growing rapidly.

Currently, there’s a 60-day window for public comment on these proposed changes. There will likely be a great deal of commentary and pushback from companies whose livelihoods are dependent upon extensive data collection and usage.

As we reflect on the FTC’s proposed changes to the COPPA Rule, it’s clear that we are at an important juncture in the ongoing efforts to protect children in the ever-evolving digital landscape. These amendments are not just regulatory updates; they are incremental and pivotal steps towards safeguarding our children’s digital footprints, ensuring their online experiences are not only enriching but also secure and free of manipulative and deceptive business practices.

The emphasis on parental consent, prohibition of exploitative practices, enhanced data security, and specific measures for educational technology underscore a necessary and more comprehensive approach to digital privacy. These proposals reflect the FTC’s vigilance and commitment to evolving with technological advancements and changing business practices.

As we move forward, it is incumbent upon all stakeholders – parents, educators, technology providers, and policymakers – to remain engaged and informed. This is undoubtedly challenging to do given how quickly things change, but it’s vital that we do so. The digital world our children inhabit today will shape their future, and it is our collective responsibility to ensure that this world is as safe and nurturing as possible.