Proposed COPPA Rulemaking Changes Could Stifle Innovation, Experts Say
The FTC’s proposed changes to the Children’s Online Privacy Protection Act (COPPA) rule would make navigating the law more difficult, panelists said at a Thursday event hosted by TechFreedom and the Information Technology and Innovation Foundation (ITIF). By including vague and broad language, panelists said, the proposed changes would make it difficult for operators of websites and apps to determine if they need to be COPPA-compliant, and, as a result, could decrease innovation in content for young Internet users.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The proposed changes “muddy” the lines on which companies need to be compliant and which don’t, said Center for Democracy and Technology Policy Counsel Emma Llanso. The proposals do this by expanding COPPA to websites with a disproportionate number of users who are young children or whose content is likely to attract young children, and plugins -- which can include ad networks and embedded YouTube videos -- that have “reason to know” that their products been incorporated into a site that is directed at children, she said, which “seems unfair."
This will only discourage plugins from allowing certain websites to use their products, said TechFreedom President Berin Szoka. To avoid the “unworkable obligation to prescreen sites and investigate complaints” under the proposed changes, he said, plugin operators would just block their products from appearing on sites that appear to be directed at children. This would hinder interactivity for children online and could pose questions about the law’s constitutionality if, to avoid compliance issues, operators blocked their plugins on websites for adults.
The changes will also affect app curation platforms, like Apple’s App Store, said Association for Competitive Technology (ACT) Executive Director Morgan Reed. When a curation platform comes across apps marketed towards young children, even COPPA-compliant ones, he said, the platform takes on liability under COPPA because it will have “reason to know” that the app is directed at children. Rather than taking on the liability, the platform will probably choose to exclude the app, he said, which diminishes the quantity and quality of content available for children.
Panelists disagreed whether the proposed changes concerning persistent identifiers were beneficial. Persistent identifiers, such as IP addresses, should be treated like Social Security numbers, said Alan Simpson, vice president-policy at Common Sense Media. It doesn’t directly connect an Internet user to contact information for the person accessing the online content, he said, but “it’s not very hard to do.” Reed disagreed, saying a persistent identifier is attached to a device and “doesn’t necessarily attach to a person.” A person can sell or lend his smartphone or computer to someone else without anyone knowing the owner is no longer the person behind that persistent identifier, he said: “I can’t do that with my Social Security number."
Industry members should be doing more to protect children online, said Simpson. If app and website operators find children’s online privacy measures this complex, imagine how difficult the issue is for parents to navigate, he said. Operators should build tools to inform parents about the information being collected from their children, he said, and these online tools should be built with “privacy by design.” The industry has “got to find new ways to inform parents,” Reed agreed, and ACT is “trying to do more.” He pointed to a new ACT project to develop icons and rating systems that clearly communicate to parents how their children’s apps are collecting and using information. But, Szoka said, placing the responsibility for education on industry members can be burdensome because creating and implementing “radically robust parental controls” is expensive.
Private companies are already going beyond COPPA to protect young users online, said ITIF Senior Analyst Daniel Castro. He cited measures such as industry-created seals of approval or moderated chatrooms. “These are things that industry is doing on its own,” he said, and these are “actually helping children the most.” And as companies are faced with increased compliance costs, they have to increase the very thing COPPA is partially aimed at controlling: advertising directed at children. “As there are more requirements put on these sites, there’s an increasing need for these sites to produce revenue,” he said, which they often do through a business model that relies on advertising to users.
Panelists were unsure if the FTC will meet its self-imposed deadline of year-end to finish COPPA rules. “I think we will see something by the end of the year,” Llanso said, but it could be another round of proposed changes rather than a new rule. Szoka said he hopes the FTC will wait to fully consider the consequences of the proposed changes and policy alternatives, rather than rushing to meet the deadline. “There’s no reason this has to be done before” FTC Chairman Jon Leibowitz leaves, he said.