TechFreedom filed comments ( PDF ) on the second round of the FTC’s re-assessment of the rules implementing the Children’s Online Privacy Act (COPPA). The following statement can be attributed to TechFreedom President Berin Szoka:
Unfortunately, the FTC’s proposed revisions may fail to live up to Congress’s goals of enhancing parental involvement and protecting the privacy of children. With the best of intentions, tightening COPPA will likely reduce the functionality of sites and services aimed at children, thus encouraging children to lie to gain access to general audience sites—which COPPA cannot cover, given Supreme Court precedent barring age verification mandates for adults. These are the constitutional and practical constraints within which COPPA must operate, and which must limit the FTC’s ambitions.
Given these constraints, the best that can be done is to create a COPPA regime in which site operators are encouraged not only to offer specifically designed sites and services to children under 13 but, even better, to build sites and services that can “scale up” by offering “junior” versions that parents can manage, but with “training wheels” that come off as kids get older. Only if children actually want to use these sites will they—and their parents—cease lying about their age. Ultimately, this is the only way to advance COPPA’s core goal of enhancing parents’ involvement in what their children do online.
TechFreedom suggests seven specific changes the FTC should consider:
- Clarify that, for a website to be “directed to” based on demographic evidence , either a majority of audience must be children and, if it must go further, specify a lower threshold above which a site would be considered “directed to children” unless it asks users for their age before collecting information from them.
- Retain the existing actual knowledge and “directed to” standard, rather than establishing a new “ reason to know ” standard in the definition for web sites and online services “directed to” children.
- Clarify that persistent identifiers which do not permit contact with individuals and are not associated with personal identifiers are not personal information under the COPPA rule.
- Clarify that its proposed joint liability for the use of plug-ins does not apply to third party content embedded by users on COPPA-covered sites.
- Clarify that the “collected or maintained on behalf of an operator” proviso added to the definition of operator does not apply to plug-in operators that do not exchange personal information with the operators of COPPA sites.
- Consider holding a public workshop on how these changes will affect the ability of site and service operators to offer versions of their products that children will actually want to use.
- Explain whether companies have to get consent for information collected in the past that will only be considered personal after revisions to the COPPA rules.
TechFreedom previously filed comments on the FTC’s first Notice of Proposed Rulemaking on proposed revisions to COPPA. Szoka is the author with Adam Thierer, of “ COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech ” (June 2009).