The agency repsonsible for enforcing COPPA, the Federal Trade Commission, has acknowledged that technology's evolution means it's time to change those rules to ensure children's online privacy remains protected. The FTC announced those changes Wednesday.
Among the most important part of the changes is that no notice or parental consent will be required if a website uses children's data "for the sole purpose of supporting the website or online service’s internal operations, such as contextual advertising, frequency capping, legal compliance, site analysis, and network communications."
The term "contextual advertising" is key -- it means websites such as Facebook can choose to allow children under 13 to use the site and deliver first-party advertising to those new young users.
However, only contextual ads are allowed -- without parental consent, behavioral advertising is still expressly forbidden. The difference? Contextual ads are designed to serve up content relevant to what's on a given page, whereas behavioral ads are based on a wealth of data collected about a given user's Internet browsing habits and perceived interests.
Facebook itself previously requested the FTC to include specific language on the subject. Also note that Facebook and other sites aren't barred from allowing children under the current COPPA rules, but many decide to ban them because it's easier than complying with COPPA.
What else is in the new COPPA?
In the mobile realm, parents need to give an app approval before it collects their children's geolocation information, photos or videos. The new rules offer companies a "streamlined, voluntary and transparent approval process" to get that approval. Children's IP addresses and mobile device identifiers will also receive COPPA protection.
A loophole that allowed third-party data brokers to collect information about children through plug-ins on websites and mobile apps is being closed. In some instances, those third-parties will also have to comply with the rest of the COPPA rules as if they were directly interacting with children.
Those rules, however, don't ban websites from releasing children's data to other firms, but they do require websites take "reasonable steps" to ensure such data is shared "only to companies that are capable of keeping it secure and confidential." The FTC also made sure to note the rule does not apply to Apple's App Store or Google Play, which it says "merely offer the public access to child-directed apps."