will no longer be able to collect geolocation information or display photos or
videos of children under 13 without parental consent under new rules adopted by
the Federal Trade Commission (FTC).
new rules amended the original rules adopted in 2000, which implemented the
Children’s Online Privacy Protection Act (COPPA). The amendments expand the definition of
personal information to include geolocation information and photos, videos, and
audio files that contain a child’s image or voice. In addition, the rule covers persistent
identifiers that can be used to recognize a user over time and across different
websites or online services.
the Privacy Rights Clearinghouse stated, ‘[a]s facial recognition advances,
photos and videos have the potential to be analyzed and used to target and
potentially identify individuals.’ Given
these risks, the Commission continues to believe it is entirely appropriate to
require operators who offer young children the opportunity to upload photos,
videos, or audio files containing children’s images or voices to obtain
parental consent beforehand. Therefore,
the Commission adopts modifications of the definition of personal information
regarding photos, videos, and audio files as proposed in the 2011 NPRM, without
qualification,” the FTC found.
Internet of 2012 is vastly different from the Internet of more than a decade
ago, when we first issued the COPPA Rule,” FTC Chair Jon Leibowitz stated in a
press release. “Since then, we have seen
the rise of smartphones, tablets, social networks, and more than a million
apps. And while these advances have
enriched our lives, enhanced educational opportunities, and grown our economy,
they also exacerbate the privacy risks of children.”
requires that websites or online services directed to children under 13, or
having knowledge that they are collecting personal information from children
under 13, obtain parental consent before collecting, using, or disclosing such
amended rules close a loophole that allowed child-directed apps and websites to
permit third parties to collect personal information from children through
plug-ins without parental notice and consent.
new rules prohibit operators, without parental consent, from using or
disclosing information collected to contact a specific person, including
through behavioral advertising, to amass a profile on that person, or for any
other purpose. Website operators also must
take reasonable steps to make sure that third parties are capable of
maintaining the confidentiality, security, and integrity of children’s personal
information before they release such information to the parties.
new rules take effect on July 1, 2013.