Age Threshold Attracts Most Attention During COPPA Hearing
The FTC’s proposed changes to Children’s Online Privacy Protection Act regulations got support from some legislators and witnesses Wednesday at a hearing before the House Commerce Manufacturing Subcommittee, but some expressed concerns about its exclusion of children 13 and older and the absence of a provision tailored specifically for children’s geolocation information. The FTC hit the sweet spot with its proposals, said Chairman Mary Bono Mack, R-Calif. She commended the commission’s proposal to revise the definition of personally identifiable information and to annually audit the information practices of companies. “While some privacy advocates would like to raise the COPPA age threshold because of an increase in use of social networking sites by teenagers,” the FTC should take a “go-slow” approach, she said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Most sites that kids use for homework or communicating with friends require some sort of registration, said Ranking Member G.K. Butterfield, D-N.C. “Parents deserve to know what kind of personal information is being collected on their child and how it will be used."
The FTC proposal’s focus on children under 13 was a point of contention for some lawmakers, including Reps. Joe Barton, R-Texas, and Ed Markey, D-Mass., whose bill, HR-1895, extends COPPA’s privacy protections to teens. The bill gives these protections explicitly to teens and explicitly covers mobile applications, Barton said. “The commission hasn’t reached any conclusions as to what additional privacy protections teens will need,” said Mary Engle, associate director of the FTC advertising practices division. However, the agency is considering older children’s privacy in its broader view of privacy generally, she said. COPPA already covers mobile applications, she added: “We interpret them into the online services already covered by the rule.” The FTC hasn’t taken a position on HR-1895, Engle said.
The commission believes kids under 13 is the right cut-off, Engle said. Under COPPA, the child provides the parent’s email address in order for the operator to get the parent’s permission to interact with the child, she said. The concern is that if the age threshold is raised, “it may not work well,” because older children may supply their own email addresses or a friend’s, she said. Teens still need protection, said Alan Simpson, policy vice president at Common Sense Media. There are a lot of 13-15 year-olds “who are quite capable of making mistakes in this innovative space,” he said.
Geolocation information also is covered under COPPA, Engle said. The law “refers to physical location including street name and city or state and geolocation information is at least as precise as that,” she said. “What we have proposed is … adding geolocation as an element of personal information just to make that crystal clear."
There are ways that Congress could step in, said Stephen Balkam, CEO of the Family Online Safety Institute. Congress could increase funding for Internet safety and privacy education, including research into kids’ online behavior and attitudes, he said: “This would allow for all future legislative efforts to be founded on a factual basis.” FOSI does not support HR-1895, particularly its provision for an “eraser button” allowing users to eliminate their own content, he said. “We have serious concerns about parents taking teens off the Internet.”
Media and technology companies must do “far more to help parents and families protect children’s online privacy, in part, because they're in the best position to develop better technology, better tools and better information for users,” Simpson said. Industries lose when they violate a child’s privacy rights, said Hemanshu Nigam, CEO of SSP, an online privacy firm. The government should “consider whether existing regulations can be used to respond to and identify problems.” It should also consider whether regulations would create technical and implementation challenges or “lead to disincentives to provide a rich online experience for under 13,” he said.