By Barbara Ortutay
The Federal Trade Commission is proposing sweeping changes to a decades-old law that regulates how online companies can track and advertise to children, including turning off targeted ads to kids under 13 by default and limiting push notifications.
The federal Children's Online Privacy Protection Act, or COPPA, requires kid-oriented apps and websites to get parents' consent before collecting personal information of children under 13. COPPA was enacted in 1998, went into effect in 2000 and was last updated a decade ago.
"Kids must be able to play and learn online without being endlessly tracked by companies looking to hoard and monetize their personal data," said FTC Chair Lina Khan in a statement. "The proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life — and where firms are deploying increasingly sophisticated digital tools to surveil children."
Children's online safety advocates applauded the announcement.
"The commission's plan will limit data uses involving children and help prevent companies from exploiting their information," said Katharina Kopp, director of policy at the nonprofit Center for Digital Democracy. "These rules will also protect young people from being targeted through the increasing use of AI, which now further fuels data collection efforts. Young people 12 and under deserve a digital environment that is designed to be safer for them and that fosters their health and well-being."
Here are some of the changes the FTC is proposing:
OPT-IN FOR TARGETED ADS
Apps, games and websites used by children would be required to obtain "separate, verifiable parental consent" to disclose information about kids under 13 to third-party advertisers, unless the disclosure is "integral" to the nature of the online service. And they won't be able to deny access to the games and apps just because parents don't agree to having their children's information disclosed — which is possible today.
LIMITS ON NUDGING KIDS TO STAY ONLINE
Operators would be prohibited from using online contact information and "persistent identifiers" such as cookies that track a child's activity online to send push notifications to children to prompt or encourage them to use their service more.
ED-TECH LIMITS
The FTC is proposing codifying its current guidance related to the use of education technology to prohibit commercial use of children's information, among other safeguards. The proposed rule would allow schools and school districts to allow educational technology providers to collect, use, and disclose students' personal information — but only for a school-authorized educational purposes and not for any commercial use.
DATA RETENTION RULES
The proposed rules would only allow companies to keep personal information for "as long as necessary to fulfill the specific purpose for which it was collected." They would also prohibit operators from using retained information for any secondary purpose, and it explicitly states that operators cannot retain the information indefinitely. The Rule would also require operators to establish a written, public data retention policy for children's personal information.
Barbara Ortutay is an AP technology writer
South Korea fines Meta $15 million for illegally collecting information on Facebook users
South Korea's privacy watchdog on Tuesday fined social media company Meta 21.6 billion won ($15 million) for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with thousands of advertisers.
It was the latest in a series of penalties against Meta by South Korean authorities in recent years as they increase their scrutiny of how the company, which also owns Instagram and WhatsApp, handles private information.
Following a four-year investigation, South Korea's Personal Information Protection Commission concluded that Meta unlawfully collected sensitive information about around 980,000 Facebook users, including their religion, political views and whether they were in same-sex unions, from July 2018 to March 2022.
It said the company shared the data with around 4,000 advertisers.
South Korea's privacy law provides strict protection for information related to personal beliefs, political views and sexual behavior, and bars companies from processing or using such data without the specific consent of the person involved.
The commission said Meta amassed sensitive information by analyzing the pages the Facebook users liked or the advertisements they clicked on.
The company categorized ads to identify users interested in themes such as specific religions, same-sex and transgender issues, and issues related to North Korean escapees, said Lee Eun Jung, a director at the commission who led the investigation on Meta.
"While Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent," Lee said.
Lee... Read More