The changes were intended to ensure that regulations designed for the desktop Web of the 1990s, when the Children’s Online Privacy Protection Act was passed, keep up with changing technology and to eliminate loopholes in current laws.
The new regulations add geolocation information, photographs, and videos to the list of “personal information” that cannot be collected about young users without parental consent. They also adds IP addresses and mobile device IDs to the list of persistent identifiers that reveal a user’s identify across different services.
The rules also forbid plug-ins or ad units to collect personal information from children through plug-ins without parental consent.
“I am confident that the amendments to the COPPA Rule strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities,” said FTC chairman Jon Leibowitz.
Privacy advocates, including the Electronic Privacy Information Center and Common Sense Media, which focuses on children’s privacy, lauded the new rules.
But the App Developers Alliance, an industry group, said the new rules place an undue burden on app makers.
“We are deeply concerned that the new regulations will be so expensive to implement and create so much risk that talented and responsible developers will abandon the children’s app marketplace,” the group said in a statement.
“In order to be COPPA compliant, many apps avoided collecting any information about kids and outsourced that to third-party analytics and ad networks. As of today, [the app makers] are now strictly liable for the data collection practices of those third-party sites,” said Tim Sparapani, vice president of law, policy and government relations at the App Developers Alliance.
He said the legal responsibilities would present a financial burden for smaller app developers.
Check out this video debate between supporters and opponents of the new rules.