Once upon a time, there was a COPPA Rule. It was enforced by the FTC and lo, many beheld it to be out-of-date and unworkable.
Yet hark! The FTC spread tidings throughout the land that the COPPA rule would be modified and updated. Hither and yon, the knights and viziers of the kingdom didst scurry and submit many a wise and sage counsel unto the FTC.
The FTC, hearing the many goodly advices of the gathered masses, did hearken to their pleas. And so I announce unto you a fresh request from the FTC, beckoning the gentlefolk of the kingdom to once again take heed unto its modified rule and pronounce it good.
Thusly do they wish to revise the definitions within the Rule:
- Change the definition of operator to encompass situations in which the information is collected in the interest of, as a representative of, or for the benefit of, the operator. (This is targeted directly at third party ad services or plug-ins that may collect personal information on a child-directed website.)
- Define as an operator of a child-directed website any website or online service who knows or has reason to know that it is collecting personal information through a child-directed site or service. (This doesn't require proactive age screening by third party services, but does bring in COPPA if there is "reason to know.")
- Change the definition of personal information to include screen or user name where it acts as an identifier that permits direct contact with a person online.
- Combine the sub-definitions of personal information in proposed paragraphs (g) and (h) covering persistent identifiers, and to broaden the definition of support for internal operations. (This is intended to allow things like IP address collection and cookies for the purpose of personalization and preferences, while still controlling collection for behavioral targeting or other purposes.)
NOTE: If you need a primer, we posted an update back in May that described the history of the proposed COPPA updates and other privacy bills that have been put forward.