Some websites and mobile app developers are confused about how to comply with revised rules governing the online collection of personal information from children that took effect in the U.S. Monday, critics said.
The U.S. Federal Trade Commission, under updated regulations for the Children's Online Privacy Protection Act (COPPA), is restricting targeted advertising aimed at children and requiring that websites and mobile apps take extra care when handling children's cookies, geolocation information, photos and other identifying information.
The FTC last updated the FAQ about complying with the new rule just weeks ago, said Morgan Reed, executive director of the Association for Competitive Technology (ACT), a trade group that represents mobile app developers. App developers continue to have questions about how to comply with the revised rules, he said.
"How do we make the goals of COPPA function in a technological world where a parent might hand their tablet computer from the front seat of the car to the back seat of the car?" Reed said. "How does the developer know when he has to change behavior ... when that tablet goes over the divider?"
The FTC seems to be updating the FAQ "willy-nilly," added John Feldman, a technology-focused lawyer at law firm Reed Smith. In some cases, the FAQ seems to add requirements that weren't in the rule the FTC approved in December, he said.
The FTC didn't immediately respond to a request for comments on criticisms about the new rules.
Online businesses should focus on the big-picture issues with the new regulations, which limit the online tracking of children and eliminate targeted advertising aimed at them without parental consent, Feldman said.
Still, Feldman believes the FTC will give some companies time to work out compliance issues. "Those who are seeking to comply and are making bona fide efforts in that regard -- and can demonstrate that through documentation of modified procedures and monitoring practices -- will probably get more latitude for an extended timeline than those who are simply wringing their hands," he said.
COPPA, passed in 1998, requires that websites and online services that are either directed at children under 13 or have actual knowledge that they are collecting personal information from children under 13 give notice to parents and get their consent before collecting, using or disclosing that information.
The revised rules define cookies, geolocation information, photos, videos, audio recordings, IP addresses and mobile device IDs as personal information that websites and service providers must get parental consent to collect. The changes also closed what the FTC calls a "loophole" allowing third-party plug-ins to collect children's information without parental consent.
Sign up for Computerworld eNewsletters.