The Federal Trade Commission has approved revised rules that spell out the types of information that cannot be collected from children without their parents’ permission, an action meant to address privacy concerns in the constantly evolving era of smartphones, tablets, social media, and apps.
The new policies, announced Wednesday, seek to close loopholes that the agency says too often allow websites and online services to gather information improperly from students and turn it over to third parties for advertising purposes.
One significant change clarifies that the types of “personal information” that can’t be culled without parents’ approval include geolocation information, photos, and videos.
That restriction is important because those bits of personal information “could be used by those who would seek to cause physical harm to children,” said FTC Chairman Jon Leibowitz in a statement.
The agency, which seeks to protect consumers and curb deceptive and anti-competitive practices, also modified the rules so that they apply to “persistent identifiers,” that can reveal information about users over time and across different websites and services. Those identifiers include IP addresses and mobile device IDs, which can be used to build “massive profiles of children by behavioral marketers,” Leibowitz said.
"[L]et’s be honest: Some companies, especially some ad networks, have an insatiable desire to collect information, even from kids,” Leibowitz added. “Our children deserve better, and our great American technology companies understand that they can do better.”
Another change, the FTC said, will close a loophole that allows apps and websites directed at children to permit third parties to collect personal informaton from children through plug-ins, without parents’ permission.
The rules are based on a law approved by Congress, the Children’s Online Privacy Protection Act of 1998. That law gave the FTC the power to implement and periodically update rules pertaining to how the law is to be enforced. The newly approved amendments to the rules will go into effect on July 1 of next year.
The modified rules were approved a week after the FTC released a highly critical report arguing that mobile applications and entities throughout the technology industry often fail to prevent children’s personal information from being gathered and turned over to third parties, without parents’ knowledge.
Jeff Chester, the executive director for the Center for Digital Democracy, a watchdog organization focused on technology issues, praised the rules in a statement as a “major step forward,” while also voicing concerns about remaining loopholes that he said could continue to be exploited by the industry.
A version of this news article first appeared in the Digital Education blog.