US regulators propose new online privacy safeguards for children

The Federal Trade Commission on Wednesday proposed sweeping changes to strengthen a key federal rule that has protected children’s privacy online, in one of the U.S. government’s most significant attempts to strengthen consumer privacy in more than a decade. .

The changes are intended to strengthen the rules underlying the Children’s Online Privacy Protection Act of 1998, a law that restricts online tracking of young people by services such as social media apps, video game platforms, toy retailers. and digital advertising networks. Regulators said the measures would “shift the burden” of online safety from parents to apps and other digital services, while limiting how platforms can use and monetize children’s data.

Among other things, the proposed changes would require certain online services to disable targeted advertising by default for children under 13 years of age. They would prohibit online services from using personal data such as a child’s cell phone number to induce young people to stay on their platforms longer. That means online services will no longer be able to use personal data to bombard young children with push notifications.

The proposed updates would also strengthen security requirements for online services that collect data from children and limit how long online services could retain that information. And they would limit the collection of student data by learning apps and other educational technology providers by allowing schools to consent to the collection of children’s personal data only for educational, non-commercial purposes.

“Children should be able to play and learn online without being endlessly tracked by companies seeking to hoard and monetize their personal data,” Federal Trade Commission Chairwoman Lina M. Khan said in a statement Wednesday. “By requiring companies to better protect children’s data, our proposal imposes affirmative obligations on service providers and prohibits them from outsourcing their responsibilities to parents.”

COPPA is the central federal law protecting children online in the United States, although members of Congress have attempted to introduce other bills since then.

Under COPPA, online services aimed at children, or those who know they have children on their platform, must obtain parental permission before collecting, using or sharing personal data, such as first and last names, addresses and phone numbers. telephone, of a child under 13 years of age.

To comply with the law, popular apps like Instagram and TikTok have terms of service that prohibit children under 13 from creating accounts. Gaming and social media apps often ask new users to provide their dates of birth.

Still, regulators have filed numerous complaints against big tech companies, accusing them of failing to establish effective age screening systems; display targeted ads to children based on their online behavior without parental permission; allowing strangers to contact children online; or retain children’s data even after parents asked for it to be deleted. Amazon; Microsoft; Google and its YouTube platform; Epic Games, the creator of Fortnite; and Musical.ly, the social app now known as TikTok, have paid multimillion-dollar fines to resolve charges of violating the law.

The FTC’s proposal to strengthen children’s privacy protections comes amid increased public concern about the potential mental health and physical safety risks that popular online services may pose to young people online. Parents, pediatricians and children’s groups warn that social media content recommendation systems have routinely shown inappropriate content that promotes self-harm, eating disorders and plastic surgery among girls. And some school officials worry that social media platforms will distract students from their homework in class.

States have passed more than a dozen laws this year restricting minors’ access to social media or pornography sites. Industry trade groups have successfully filed lawsuits to temporarily block several of those laws.

The FTC began reviewing the children’s privacy rule in 2019 and received more than 175,000 comments from technology and advertising industry trade groups, video content developers, consumer advocacy groups, and members of Congress. The resulting proposal It has more than 150 pages.

The proposed changes include narrowing an exception that allows online services to collect persistent identification codes for children for certain internal operations, such as product improvement, consumer personalization or fraud prevention, without parental consent.

The proposed changes would prohibit online operators from using such user tracking codes to maximize the amount of time children spend on their platforms. That means online services would not be able to use techniques such as sending notifications to mobile phones “to prompt the child to interact with the site or service, without verifiable parental consent,” according to the proposal.

It is not yet known how online services will comply with the proposed changes. The public has 60 days to comment on the proposed changes to the children’s privacy rule. Then the commission will vote on them.