Advocacy group Center for Digital Democracy is gearing up to start monitoring Web companies and services to determine whether they are complying with Federal Trade Commission's new children's privacy rules.
In addition to examining Web companies itself, the organization is asking dozens of other watchdogs to police sites and services that are used by children under 13. “There are a lot of child-directed Web sites and apps out there, so we are going to need all the help we can get making sure that after July 1, all are following the new children’s privacy rules,” the group said in an 18-page legal guide to the Children's Online Privacy Protection Act.
Jeff Chester, executive director of the Center for Digital Democracy, says the legal guide was sent this week to 60 watchdogs. He adds that the document will help other advocates “be the COPPA cop on the beat.”
He says he expects advocates to initially focus their efforts on the largest children's sites, like Viacom's Nick.com. Chester's organization recently filed FTC complaints alleging that some of the biggest Web sites for children -- including Viacom's Nick.com, and Turner Broadcasting's CartoonNetwork.com -- collect email addresses of children as part of refer-a-friend marketing campaigns.
The 13-year-old COPPA prohibits Web site operators from collecting personal information from children, but tasks the FTC with defining the term. The new regulations, which take effect next month, broaden the definition to include photos, geolocation and some persistent identifiers, like “anonymous” cookies. The rules mean that companies must obtain parental consent before asking children to upload photos of themselves, or using geolocation tracking. As with the prior regulations implementing COPPA, companies still are not allowed to ask children to provide names, email addresses, phone numbers or street addresses without their parents' consent.
The new definition of personal information also effectively prohibits Web sites, app and ad networks from using behavioral targeting techniques on children under 13, absent parental consent.
The rules apply at all sites and services that are directed to children. The regulations also apply to sites and services that draw an audience of adults, as well as children, but only if companies know they are collecting data from children.
While advocates gear up to enforce the new rules, some ad industry representatives say they aren't certain how to comply -- particularly with the regulations that treat some cookies set by ad networks as personal information. One of the industry's main concerns is that Web site operators and app developers don't always know in advance whether the ad networks or exchanges they use also collect data from children's sites, according to attorney Alan Chapell.
He adds that many networks and exchanges may simply decide to simply stop serving ads to child-directed sites. “A number of third-party data companies are going to do everything they can not to touch any of those sites,” says Chapell, who advises ad networks and other intermediaries.
Earlier this year, ad industry groups asked the FTC to delay the start date of the new rules for six months. The FTC denied that request in May, but said at the time that it will use “prosecutorial discretion in enforcing the rule, particularly with respect to small businesses that have attempted to comply with the rule in good faith.”
Separately, the video game industry's self-regulatory group, Entertainment Software Rating Board, said this week that it will help members comply with the new rules. Doing so could require a company to rewrite
For instance, a company that invites children to upload photos of themselves might now need to revise its disclosures to parents. She adds that her group is in the process of evaluating which ad networks comply with COPPA. Companies that meet the ESRB's standards can obtain a "seal" from the organization.