Washington, DC — Today, the Federal Trade Commission unveiled its modifications to the Children’s Online Privacy Protection Rule (COPPA) mandated by Congress in the Children’s Online Privacy Protection Act of 1998. The new rules are scheduled to go into effect July 1, 2013. CDT supports the FTC’s effort to update COPPA to address the more sophisticated data collection practices on the modern Web. We also appreciate the careful balancing the FTC did to try to reconcile a wide array of concerns from civil society and industry.
However, we are concerned that the updated definition of when a website is “directed to children” could expand COPPA’s reach to general audience sites and confuse website owners as to whether these new rules apply to them. This uncertainty will likely prompt more sites to take advantage of the Commission’s new age-screening safe harbor, which could lead to many more sites demanding age or identifying information from all users before allowing access. Requiring age verification from every user runs counter to the First Amendment right to access information anonymously and increases the collection of potentially sensitive information generally. The new rule’s uncertainty is magnified for third party plug-in operators, who may now be liable for the decisions of publishers to embed their plug-in on sites directed to children.