Ineffective Updates: Efforts at Updating Children’s Online Privacy Rule Leads to More Circumvention

Wednesday, October 24, 2012, by Laura Arredondo-Santisteban

As people’s reliance on technology and Internet services for their daily tasks increases, pushes for greater Legislative involvement to take steps at protecting users personal information online have also increased. The Children’s Online Privacy Protection Act (COPPA), is just one of the various widely publicized online privacy measures, which was enacted to ensure that online website and internet operators were not taking advantage of children under thirteen’s vulnerabilities by collecting their personal information.  Currently, the Federal Trade Commission (FTC) is in the process of updating COPPA and receiving written comments on the proposed updates in an effort to maintain up to date with technology’s advancements.

Congress enacted the Children’s Online Privacy Protection Act in 1998 and gave the Federal Trade Commission (FTC) authority to issue and enforce the Children’s Online Privacy Protection Rule (COPPA Rule) by monitoring Internet compliance with the Rule and bringing law enforcement actions against violators when appropriate. Apart from seeking to protect children from divulging personal information online, the FTC states that the goal behind COPPA and the Rule is to place parents in control over what information is collected from their young children online.

In September 2011 the FTC announced in a news release proposed revisions to the COPPA Rule for the purpose of ensuring that “the Rule continues to protect children’s privacy, as mandated by Congress, as online technologies evolve.” The revisions symbolized the first significant change to the Rule since it was issued in 2000. The 2012 modifications target the Rule’s “operator,” “website or online service directed to children,” and “personal information” definitions.

In updating the current COPPA Rule, the FTC indicated its desire to “keep current with technology advances.” However, its methods for ensuring that children’s personal data remain protected have not evolved since its enactment in 2000.  Currently, there has yet to be developed an advanced form of age verification technology, which would make parental consent via email inadequate.  Nor has the FTC, in its updates, revisited or redrafted COPPA’s methods for obtaining verifiable parental consent. Online operators, like Facebook, seeking to comply with COPPA and avoid its large fines have responded by drastically limiting their services to children.  Studies have shown that what was has resulted from these actions, are many children lying about their age to access certain sites, like Facebook, and often doing so with help from their parents.

In a study focusing on Facebook and parental practices regarding their children’s access to the networking site, researchers noted that half of the parents surveyed reported that their children were on Facebook, and 72 percent of those parents whose children were on Facebook reported that their child joined Facebook when the child was younger than minimum required age of thirteen years. The study found that of those children who were under thirteen and on Facebook, 68 percent of the parents surveyed reported that they helped their child create the account and were notified upon the account’s creation that the minimum age required was thirteen.

The lack of cost-effective methods for obtaining parental consent as made it economically more beneficial for online and website operators of mixed audience sites to restrict their services to users below age thirteen.  Rather than providing parents greater control over their children’s online activities, COPPA has encouraged online operators to place limits on children’s access to their online services as a tradeoff for protecting their privacy and safety.  In order to address this problem, policy-makers should shift away from privacy regulation models that are based on age and work towards developing universal privacy protections for online users as a whole. Critics have argued that teens, and at times adults, are no less vulnerable to safety-risks posed by online marketers’ use of their personal data.  With an increasing percentage of online marketing and advertising networks relying on passive data collection methods, people often remain unaware of the extent there personal information is being shared online.  Although the FTC is in the process of updating its privacy protections for children under thirteen and expanding website and online operator’s obligations, as long as the methods of obtaining ‘verifiable parental consent’ remain economically inefficient and difficult to apply, operators will continue to apply age restrictions to their online services.