Last month I wrote about the proposed changes to the US COPPA legislation. To quickly remind you: new rules to better protect children against the collection of their personal data online are being proposed by the US Federal Trade Commission (FTC), including changes to the definition of personally identifiable information. These much-needed changes will have far-reaching effects throughout the digital world, but unfortunately there may also be some potentially detrimental effects on smaller organisations and children's online services. If you haven't got yourself up to date on this yet, do read my post.
Subsequent to my last piece, on August, FOSI - The Association for Competitive Technology and the Family Online Safety Institute - hosted a panel discussion on August 9 to brief lawmakers, staff, and interested parties about the FTC's amended proposed changes. From the FOSI GRID blog post following the panel:
Some commentators have raised concerns that these proposed revisions could unfairly penalize small technology start-ups. Whilst big companies have the budget to ensure full compliance, many of the most dynamic companies in this space are small start-ups who do not have the funds to implement the revised rules and will thus be driven out of the market place.
There now follows a period of public comment on the Supplemental Notice of Proposed Rulemaking. On the back of this highly successful event, FOSI will make an official filing. The deadline for submissions is September 24 and you can make your comments here.
(By the way, I recommend FOSI's GRID - Global Resource and Information Directory - which is designed to create a single, factual and up-to-date source for governments, industry, lawyers, academics, educators and all those dedicated to making the internet a safer, better place.)
I did get in touch with FOSI to see if there was anything more to be gleaned (as I couldn't attend the panel) but, understandably, the contents of FOSI's submission must at this point remain confidential. Meanwhile, here is FOSI CEO Stephen Balkam's witness testimony to the House Energy and Commerce subcommittee on Commerce, Manufacturing and Trade in October 2011:
"We commend congress and the FTC for their work in providing reasonable government oversight through COPPA and its corresponding rule while encouraging self-regulation and promoting parental empowerment and children's responsibility. The FTC has continued to evaluate the effectiveness of the rule and proposed revisions where necessary... With reasonable government oversight the self-regulatory multi stakeholder approach currently championed in the US can succeed in protecting kids on the internet without impeding innovation. "
Along with many other interested parties, I'll be following this slowly-unfolding legislative drama, eager to find out the answers to some questions of my own. Of the top of my head, these are my musings:
- Will the 'email plus' verification system still be COPPA compliant?
- What would be alternatives to the 'email plus' system?
- How would this co-responsibility between (say) and app developer and the owner of the platform where the app is published work in practice? Who would be doing the verification and who would bear the cost and the responsibility?
- Apart from advertising behavioural cookies & geolocation markers, what else would be considered 'persistent identifiers' and become part of 'personal information'?
- How would a mixed age site effectively age screen users? As per Facebook, simply ask them, or would some verification be required?
- Would this US legislation inevitably effect ALL interactions with under 13s worldwide? Could site owners and app developers use geo-filtering to apply the legislative dictates purely to US residents?
If you've got any answers, do get in touch. Do you have any questions or comments of your own? Don't forget, the US government is seeking input by 24 September 2012 - so make your point here.