WASHINGTON (Reuters) - U.S. regulators proposed tougher rules on Wednesday designed to protect children’s privacy online, toughening privacy protections on mobile devices and ensuring that websites and third-party data brokers get permission before they collect children’s data.
The Federal Trade Commission, which enforces a 1998 law called the Children’s Online Privacy Protection Rule, said the changes were needed to take into account the widespread use of mobile devices and to make website owners responsible for any infractions committed by third parties, such as data brokers.
“The commission did not foresee how easy and commonplace it would become for child-directed sites and services to integrate social networking and other personal information collection features into the content offered to their users, without maintaining ownership, control or access to the personal data,” the commission said in its proposed rule.
The proposal, which is an amendment to a rule change put forward nearly a year ago, also specifies that family websites, which are websites aimed at children and adults, would be allowed to screen users to determine their ages and only provide COPPA protection to children under age 13.
Currently, all visitors to the websites must be treated as if they are under age 13.
The FTC’s proposal updates the definition of “personal information” to require parental permission before identifiers like IP addresses, that can be used to recognize a user over time or across different sites or services, could be collected while children surf the Internet.
Data-collecting tracking cookies placed on a computer were added to the definition of “personal information” last September since they can be used to identify the computer’s user.
The proposal is open for comment until September 10. The commission will then come out with a final rule, perhaps by the end of the year.
The Children’s Online Privacy Protection Act mandates that website and online service operators obtain verifiable consent from parents before collecting, using or disclosing personal information of children under 13.
The FTC implements COPPA through a rule that became effective in 2000. Lawmakers and privacy advocates have argued that tech companies are not doing enough to safeguard their customers’ privacy.
Reporting By Diane Bartz and Jasmin Melvin; Editing by Tim Dobbyn