COPPA is the Children's Online Privacy Protection Act, enacted in 1998 in order to restrict the collection and use of data collected from children 13 and under.
We posted an update here almost one year ago, noting that COPPA was still under review after a series of comments and roundtables. Final comments were due under an extension as of December 23, 2011.
Now, almost two years since the original review period started, H.R. 1895, the Do Not Track Kids Act is still sitting around in the House Subcommittee on Commerce, Manufacturing, and Trade. Bottom line for those who are subject to COPPA (commercial websites with a kid-targeted audience), keep the status quo, but be prepared for changes.
One big proposed change is the increase the age from 13 to 15. Another key change is to include IP addresses as part of the definition of "personally identifiable information." And finally, the Bill introduces the concept of an "eraser button," which would theoretically be built into every website, social network, and platform across the web, allowing users to delete their own data at will, at any time (this idea is included in the adult privacy legislation currently working its way through Congress as well).
Of note, HR 1895 doesn't define (or redefine) "verifiable consent," something which was highlighted in the roundtable discussions. When COPPA was originally enacted, digital signature technology was still in its infancy, and there has been much discussion of whether using credit card or social security number verification would be stronger. This is still a regulatory area to watch.
As technologists, we are keeping a close eye as privacy legislation develops, and we'll always ensure that our platforms facilitate COPPA compliance efforts for our clients who are subject to it.
I've included a brief video below, a peek into how Congress is thinking about the issue of children's online privacy. It will certainly be interesting to see how the regulations evolve to deal with the fast pace of technology evolution.