About AEF | Newsletter | Site Map | Legal | Advanced Search
Print Version

New Rules on Kids' Web Ads

Social networks and Internet advertisers are likely to face new restrictions on how they interact with children online.

The Federal Trade Commission is expected to announce Wednesday new rules that close loopholes that currently allow companies to gather information despite a 1998 law that was supposed to protect kids' online footprint.

The rules could affect popular features such as Facebook Inc.'s FB -3.62%"Like" button, as well as new social networks for playing games on smartphones.

Websites aimed at children already have to get parental consent before gathering information—such as name and email address—from users under 13 years old.

But the original law, known as the Children's Online Privacy Protection Act, hasn't adapted to advances in Web technology and marketing.

Those advances have allowed so-called third parties to gather data without parents' knowing. For example, some iPhone games popular with kids, include the option to join social networks that collect personal data from users without asking for a parent's permission.

.An investigation by The Wall Street Journal in 2010 found that popular children's websites installed more data-gathering technology on computers than websites aimed at adults.

"Now everybody's got a computer in their pocket," said Mary Engle, head of the FTC's advertising practices division, which enforces Coppa. "There are so many more opportunities for kids to provide information online."

Under the proposed rules, which could go into effect after a 30-day comment period:

• Third parties like advertising networks or Facebook that know or have reason to know they are attaching software to children's websites won't be allowed to collect any personal information without first obtaining parental consent. Currently, many websites secure consent by sending an email to an address provided by the child.

• Those third parties will be responsible for any unlawful data collection. The rules will also make the host website responsible for those infractions.

• The FTC will tighten proposed rules prohibiting advertising to children based on their previous online behavior.

Online companies and advertisers have already begun pushing back against the rules, which have been under discussion for years. They say that industry standards already prohibit many of these practices, such as targeting ads to kids based on their browsing behavior.

Facebook, in a filing with the FTC in December, spent four pages arguing that software such as its "Like" button should be exempt from Coppa. Data gathered by such software isn't used to target ads based on users' behavior, Facebook said. Exempting the software from Coppa, Facebook said, "would create more legal certainty for operators and facilitate the development of innovative, engaging online content for teens."

Congress passed Coppa in 1998 after the FTC found sites such as GeoCities Corp.—a personal website company in the 1990s—were improperly collecting data from kids. But back then, online marketers didn't have the same capacity to collect and exploit customers' personal data.

Personal data is now harvested across the Web and on smartphones by any number of advertising networks and information brokers. That flow of data underpins a lucrative online advertising business that supports much of the content available on the Internet.

The FTC earlier this year investigated a social network called OpenFeint over possible Coppa violations. The agency said this week it was closing the investigation without taking an enforcement action in part because the existing Coppa rules aren't sufficiently clear over whether software such as OpenFeint is covered.

OpenFeint was acquired last year by Japanese gaming giant Gree Inc. 3632.TO +0.24%for $104 million. Gree declined to comment.

Privacy advocates are concerned the FTC lacks the resources to vigorously enforce the law.

Under Coppa, the FTC has brought 19 cases in which companies or individuals were charged with violations of children's privacy laws.

Sometimes companies aren't ordered to pay civil penalties at all, and when they are the fines are often not very expensive.

In 2008, Sony BMG Music Entertainment agreed to pay $1 million as part of a settlement to resolve FTC charges that it improperly collected information on its websites from at least 30,000 children under 13.

The largest penalty to date issued for a violation of Coppa came last May when Walt Disney Co. DIS -0.42%subsidiary Playdom agreed to pay $3 mi ion to settle FTC charges that on 20 websites it illegally collected and disclosed personal information from hundreds of thousands of children without parents' consent.

"How industry has treated this law all along is they have not embraced it," said Denise Tayloe, chief executive of Privacy Vaults Online, a McLean, Va., firm that consults companies on how to comply with Coppa. "They've looked for ways to scoot around it."

Lorrie Faith Cranor, an associate professor at Carnegie Mellon University who studies online privacy, said that enforcing Coppa has always been a challenge. "There are a lot more gray areas where it is difficult to enforce," she said. "Some more guidance would be helpful."


Anton Troianovski, The Wall Street Journal. August 1, 2012

Copyright © 2012 Dow Jones & Company, Inc.. All rights reserved.