FTC Closes Loophole That Let Website Plug-Ins Collect Personal Info About Kids Under 13

The Federal Trade Commission has announced updates to the Children’s Online Privacy Protection (COPPA) Rule intended to bolster the privacy protections for Internet users under the age of 13 while giving parents greater control over what information websites and online services collect from these kids.

Among the biggest changes to COPPA is one that closes an existing loophole allowing operators of kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins and ad networks without parental notice and consent.

The FTC has also expanded the definition of “personal information” that cannot be collected without parental notice and consent, to include geolocation information, photographs, and videos. Additionally, “persistent identifiers” like IPs addresses and mobile device IDs, which can be used to identify a user across multiple websites and platforms, are are now covered by COPPA rules, except in instances where the identifier is used solely to support the internal operations of the site or service.

“The Commission takes seriously its mandate to protect children’s online privacy in this ever-changing technological landscape,” said FTC Chairman Jon Leibowitz. “I am confident that the amendments to the COPPA Rule strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities.”