The Federal Trade Commission (FTC) has proposed changes to the Children’s Online Privacy Protection Rule (COPPA Rule) to strengthen children’s privacy and limit companies’ ability to monetize children’s data. The proposed changes include prohibiting the collection of more personal information than necessary for a child to participate in an activity, clarifying the meaning of “activity,” and limiting the support for the internal operations exception. Operators would be required to provide an online notice stating the specific internal operations for which a persistent identifier is collected and ensuring it is not used for targeted advertising. Push notifications to children encouraging increased service usage would also be prohibited.
The FTC has also proposed changes related to Ed Tech, aiming to prohibit the commercial use of children’s information and implement additional safeguards. Schools and school districts would be allowed to authorize ed tech providers to collect, use, and disclose students’ personal information only for educational purposes. The proposed rule would increase transparency and accountability for COPPA Safe Harbor programs and strengthen data security requirements.
The proposed changes would mandate operators to establish a written children’s personal information security program and limit data retention to fulfill the specific purpose for which it was collected. Operators would be required to establish a written data retention policy and would be prohibited from using retained information for any secondary purpose. The FTC also plans to expand the definition of “personal information” to include biometric identifiers and consider various factors when determining if a website or online service is directed to children.
The public will have 60 days to submit comments on the proposed changes to the COPPA Rule after the notice is published in the Federal Register. The Commission voted 3-0 to publish the notice of proposed rulemaking, and Commissioner Alvaro Bedoya released a statement. The lead attorneys on this matter are Manmeet Dhindsa and James Trilling in the FTC’s Bureau of Consumer Protection.