The FTC proposed strengthening rules to protect children from the surveillance economy. The updated rules will require companies to get parental permission before sharing data with advertisers and prohibit them from retaining data for vague “internal operations,” among other things.
“The proposed changes to COPPA are much needed, especially in an era when online tools are essential to daily life and companies are deploying increasingly sophisticated digital tools to monitor children. Masu.” FTC Chair Lina Khan said: In a blog post. “Children need to be able to play and learn online without being endlessly tracked by companies looking to hoard and monetize their personal data.”
The Children’s Online Privacy Protection Act (COPPA) has been in place since 2000 and remains effective at preventing the most egregious data collection and abuse of children, but it was last updated in 2013 and now has a new coat. can do. of paint. The FTC asked for comments a long time ago on how the rules should change, and (as is often the case with Internet privacy issues) the response was overwhelming.
“We received more than 175,000 comments after the FTC announced it was considering revisions to the COPPA rule.” the agency mentioned in a news release.. “The proposed rule reflects what he has heard from parents, educators, industry members, researchers and others, and his 23 years of experience enforcing COPPA.”
The agency will soon issue a Notice of Proposed Rulemaking (NPRM), a draft of the new COPPA regulations, that the public will be able to comment on and criticize for the next 60 days. The exact timing will depend on when this document is published in the Federal Register, which is outside the FTC’s control, but could happen in the coming weeks. In the meantime, what you can do is Watch the draft here.
The updated rules require:
- Parents will opt-in before sharing their child’s information with third parties, unless sharing is “essential” to the service. Expect many things to suddenly “integrate” next year.
- Narrow the loophole in “support for internal operations.” For example, Amazon exploited this exception to retain children’s information indefinitely to improve its speech recognition models. Hopefully it will be less.
- Better justify “nudges” like push notifications to get kids to open apps or stay online.
- We do not force children to provide personal data to use our apps or features. For example, “Give me your birthday to get her 100 free crystals.”
- Data is not retained beyond its original stated use. As in the Amazon example, you can use your child’s voice command to launch an app (its primary use), but then you can’t “reliably” launch anything else.
- Schools and school districts may authorize educational technology providers to collect and use personal information about students for educational purposes only.
- “Personal information” now includes biometrics.
There are a few other details about the NPRM itself (of interest primarily to those directly involved). If you would like to know more about why these things are necessary, or why he needs COPPA in the first place, please contact Commissioner Alvaro Bedoya. We have released a helpful commentary on this topic.
Sen. Brian Schatz (D-Hawaii) approved the update, calling it “an encouraging step toward putting safeguards in place to protect the youngest users of social media from constant surveillance and manipulation.” .
But, he continued, “Rulemaking is not a substitute for law, and Congress needs to act. Create minimum age requirements for social media use and prohibit algorithmic targeting of children and teens. We urgently need to pass legislation to protect children online.”
Given the current state of Congress and (at least) the prospect of losing a controversial election in 2024, I doubt the senators’ urgency will translate into legislation any time soon. FTC rules will need to remain in place for some time to come.
Source: techcrunch.com
