By Angelique Carson, CIPP

Lawmakers, experts and regulators at a public forum in Washington, DC, yesterday agreed that the Children’s Online Privacy Protection Act (COPPA) is imperative and effective when it comes to keeping children safe, but more must be done—especially due to industry’s reluctance to self-regulate.

Co-chaired by Reps. Ed Markey (D-MA) and Joe Barton (R-TX),  discussion at the Bi-Partisan Congressional Privacy Caucus centered around how best to protect children online as well as the Federal Trade Commission’s (FTC) recent settlement with Facebook. 

The informal hearing ushered in the approaching end to the FTC’s public comment period December 23 on proposed amendments to the COPPA rule. Proposed changes include updating COPPA’s definition of personal information to address concerns including geolocation information and identifiers such as online cookies. The changes would also revise parental consent requirements; clarify the direct notice operators must give parents prior to collecting children's personal information; provide for new methods of obtaining parental consent, including electronic scans of parent signatures and videoconferencing, and strengthen rules on third-party security provisions as well as on FTC oversight of self-regulatory “Safe Harbor” programs.

Markey, who co-authored with Barton the Do Not Track Kids Online Bill bill—which proposes to ban behavioral targeting to minors and limit the collection of teens’ information to companies that adhere to Fair Information Practice Principles—opened by saying that behavioral marketing to children is unfair and deceptive, that websites should have clear and simple privacy policies and that the industry standard for privacy should be opt-in—especially for kids and teens. 

FTC Commissioner Julie Brill said a recent survey found that 55 percent of parents of 12 year olds reported that their child has a Facebook account—despite Facebook’s policy that users be 13 or older—and 76 percent of those parents assisted their child in signing up. 

“The fact that parents have been involved in assisting their young children in setting up Facebook accounts indicates that parents are seeking to be empowered,” Brill said. “That was the impetus behind the enactment of COPPA, to empower parents to make choices about how their children share information online.”

The information that websites communicate to parents and children must be clear and simple, said Alan Simpson of Common Sense Media. It’s work that would be best left up to the media companies themselves, Simpson said, which are most familiar with their own policies.

But despite calls for such action from advocates and regulators, “honestly, that leadership has been lacking,” Simpson said. “It really seems it’s time for the work from the commission and the leadership of this Congress that really need to move this forward...maybe the leadership needs to come from here.” 

Citing the influx of technologies and practices such as data mining and behavioral targeting since COPPA was enacted in 1999, American University’s Kathryn Montgomery said what’s needed is “a level playing field that ensures all companies doing business with young people are waging in fair business practices. We need to be very user-friendly and provide clear and granular disclosure and opt-in that’s really meaningful.” 

To EPIC’s Mark Rotenberg, a father of two, meaningful consent is a critical and complicated issue. It means the user is informed and capable of weighing decisions and consequences, and it’s a topic that deserves attention from lawmakers and regulators. 

“Kids online are very sophisticated about disclosure of information...the communications that happen online probably fly right by their parents in terms of what’s being said. But on the opposite side of the spectrum is the ability of kids to protect their interests with respect to service providers,” Rotenberg said. “There is actually no comprehension of how their data is being collected and used by service providers and no indication that kids are able to do anything meaningful online, so it’s so important that the FTC and (Markey and Barton’s) legislation and Congress generally continue to figure out this problem.” 

At the forum, Rotenberg also discussed the FTC’s recent settlement with Facebook, which prevents the social networking site from making “any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.”

Rotenberg called on the regulators to strengthen the settlement’s provisions and announced that EPIC would launch a campaign on the social networking site itself encouraging the commission to do so.

“We think it’s vital that you do, because when you finalize this order, that’s going to be pretty much it for the commission with the company in this field,” Rotenberg said, adding that a strong settlement could serve as a future legislative baseline. 

Brill closed by saying that when it comes to COPPA, enforcement is critical.

“I think the industry listens to the FTC when we do our enforcement work. We’re not just speaking to a particular company but to the entire industry. And industry is very responsive and really looks at what we do,” she said. “Particularly with respect to kids, COPPA works. We’re going to improve it. It’s not perfect.”