IAB: Proposed Children's Privacy Rules Undermine Business Model
The Interactive Advertising Bureau has weighed in against a Federal Trade Commission proposal to regulate Web companies' ability to use behavioral advertising techniques on children younger than 13.
Imposing new limits on behavioral advertising "would restrict children’s access to online resources by undermining the prevailing business model," the IAB argues in written comments filed this week with the FTC.
The industry group's filing comes in response to FTC proposals to update rules implementing the Children's Online Privacy Protection Act. That law, which went into effect more than 11 years ago, bans Web site operators from knowingly collecting "personal information" from children without their parents' permission, but empowers the FTC to define the term "personal information."
Currently, names, email addresses, street addresses and phone numbers are considered personal information. But last year, the FTC proposed broadening the term to include any "unique identifier" that can link the activities of a child across more than one site -- such as tracking cookies, device serial numbers and, in some cases, IP addresses. If that definition goes through, companies won't be able to employ behavioral targeting techniques to serve ads to children without first obtaining their parents' consent.
The IAB says the new proposed definition isn't consistent with the statute because children can't be contacted based on cookies or IP addresses alone. “Persistent identifiers permit the delivery of content and advertising to a device, not to an identified individual," the IAB argues.
The trade group also opposes the FTC's proposal to hold publishers liable when ad networks or app developers violate COPPA. The IAB says that recommendation would "pose technical challenges to the effective functioning of the online ecosystem."
The group says those challenges are especially problematic where publishers don't themselves collect information from visitors, the IAB argues.
The FTC additionally proposed a regulation prohibiting ad networks from collecting information from children, provided the networks have "reason to know" they have a presence on sites directed to kids. The IAB argues that the reason-to-know standard -- which is broader than a standard requiring actual knowledge -- is inappropriate, given that ad networks aren't targeted toward children.
But other commenters say the proposals don't go far enough.
A coalition of 17 advocacy groups argue that ad networks should obtain parental permission before collecting data, regardless of whether they have reason to know they are present on sites directed at children. "If third-party information collectors could be relieved from COPPA liability by claiming they did not know how their plugins were being utilized or where advertisements were placed, they would have an incentive not to know or find out this information," the groups say.
The organizations, including The Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, Consumers Union, and Public Citizen, also argue in their written comments that the COPPA regulations "must be updated to include persistent identifiers" as personal information.
"When marketers use information collected about an individual to display an advertisement chosen to appeal to that person at that time, they are contacting a specific individual online, even if they do not know the person’s full name," the groups argue.