Simply Security - News, Views, and Opinions from Trend Micro

Posted on October 3rd, 2012 in Government Policy by Simply Security | Be the first to comment | Tags: Government Policy

The FTC is hoping to strike the balance between tech innovation and children's online privacy.

The Federal Trade Commission (FTC) is expected to unveil several amendments to the Children's Online Privacy Protection Act (COPPA) in the coming weeks in an effort to counterbalance some of today's more controversial digital marketing tactics. While the public comment regarding these proposals has been generally positive, a number of prominent critics worry that regulators may go too far toward inhibiting innovation on the path to improved data protection.

Call to action

The demand for regulatory intervention has picked up considerable steam in recent months as privacy advocates and the general public have become more aware of the scope and frequency with which websites and mobile applications are collecting personally identifiable information. From names and email addresses to photographs and geolocation data, marketers are pushing the envelope in directions that COPPA rules were not originally designed to cover.

"Today, almost every child has a computer in his pocket and it's much harder for parents to monitor what their kids are doing online, who they are interacting with and what information they are sharing," Mary Engle, FTC associate director of advertising practices, told the New York Times. "The concern is that a lot of this may be going on without anybody's knowledge."

The data collection practices in question are by no means relegated to the dark corners of the Internet, either. Data privacy advocates filed a formal complaint last month against McDonald's in relation to a website campaign which allowed kids to upload pictures of themselves in order to "star in a music video," according to the Times. Perhaps more concerning was the fact that these images were stored in publicly accessible directories.

An independent analysis conducted by staff reporters also revealed that websites managed by Disney and Nickelodeon each utilized at least a half dozen separate tracking tools, including partnerships with prominent analytics companies specializing in the segmentation of audiences for advertisers.

Proposed changes

According to TechNewsWorld, a number of the proposed COPPA amendments are aimed at getting parents more involved in the equation. For example, website operators could obtain consent by having parents supply a form of government-issued identification, such as a partial Social Security number, to confirm that they have authorized their child's online activities.

Websites may also start collecting parents' contact information for the purpose of delivering relevant updates regarding the online services their son or daughter is subscribing to or how data collection practices are evolving. According to TechNewsWorld, there would also be clauses to ensure none of the information supplied by parents would be used for anything other than regulating their kid's online activities.

According to Multichannel News, the FTC has also taken under advisement a new framework which would make it easier for websites to differentiate between website visitors so that content meant primarily for families and adults would not be subject to all of the rules relating to users under the age of 13.

Finally, the FTC plans to revise some of its more technical definitions to reflect how websites are using the data they collect. For instance, some of the elementary information gathered automatically to inform and support the basic end-user experience and may not need to be subjected to the same level of oversight.

Critical reception

When the FTC opened the floor to public debate late last month, there was no shortage of opinions submitted. One of the more substantial responses came from a group of more than a dozen consumer data protection and child advocacy organizations led by the Center for Digital Democracy (CDD), Privacy Rights Clearinghouse and the American Academy of Child and Adolescent Psychiatry.

"[We] generally support the [FTC's] revised proposals, including the [FTC's] proposed definition of 'personal information' to include persistent identifiers used for functions other than or in addition to support for the internal operations of the website or online service," the group stated in its collective response. "We … do not support the newly revised proposal to redefine 'support for internal operations,' because the newly proposed definition would create a large loophole that could allow operators to engage in behavioral advertising to children."

The CDD-led group also sought additional clarification on how third-party players, such as ad networks and plug-in providers, will be held accountable for their role in the facilitation of data collection efforts targeting younger audiences.

At the other end of the spectrum, several prominent tech firms were focusing on the age-old debate between innovation and regulation, suggesting that the FTC's renewed vigor could have unintended consequences for technological progression across the country. According to Multichannel News, the National Cable and Telecommunications Association and Motion Picture Association of America argued that the current COPPA statutes have been largely effective and that the perceived benefits of extending the "regulatory regime" do not outweigh the adverse impact it could have on the quality and viability of content producers are able to provide.

Additionally, the groups insisted that expanding the definition of personal information to include persistent identifiers such as IP addresses could greatly inhibit the ability to distribute content across multiple devices and platforms – a fundamental value proposition for today's website operators.

Data Security News from SimplySecurity.com by Trend Micro