US internet rules will restrict data collection on young users

New regulations restrict information apps can collect from children, but critics say they will stifle innovation and increase costs for consumers

PUBLISHED : Sunday, 30 December, 2012, 12:00am
UPDATED : Sunday, 30 December, 2012, 6:46am

Unbeknown to the lucky children who unwrapped tablets or smartphones this holiday season, new rules issued by Washington to protect their privacy on those devices could have profound implications for the future of the internet and mobile apps.

The Federal Trade Commission recently updated the 14-year-old Children's Online Privacy Protection Act rule, or COPPA, to cover smartphones and social media. The revised rule expands the list of "personal information" that cannot be collected from children under 13 without parental consent to include location, photographs and videos.

It forbids child-directed apps and websites to track children's activities on the internet or to pass their data on to other companies without their parents' knowledge. Third-party operators will also be liable for information gathered from child-oriented sites.

Privacy advocates say the changes set the stage for adult consumers to demand the same kind of privacy protection.

The technology industry, which lobbied against the changes, warns over-regulation of data collection will stifle innovation, increase costs for consumers, and put app developers and websites out of business.

"We suspect this will dramatically diminish the number and kind of new education tools which are built for kids," said Tim Sparapani, vice-president for law policy and government relations with Application Developers Alliance, an industry association. "We were in the midst of an incredible innovative cycle which had great potential for advancing educational apps for free or nearly free. ... The FTC's actions threaten to grind that to a halt."

Companies would have to hire lawyers and designers and build special servers to comply with the new regulations, he said.

Online advertising models rely on data culled from browser cookies, IP addresses and click histories to provide targeted ads to consumers based on their location, past purchases, web-surfing habits and other details.

A report issued earlier this month by the FTC found many mobile apps for children collect information without letting parents know who has access to the data or how it will be used.

Almost 60 per cent of the apps reviewed by FTC staff transmitted data from a child's device back to the app developer or to an advertising network, analytics company or other third party. Using information from multiple apps, third parties could develop detailed profiles of users based on their behaviour in the apps

This practice of digital profiling is at the heart of an ongoing US battle over whether data mining should be regulated by the government, and if so, how.

Senate Commerce Committee chairman Jay Rockefeller, introduced a bill in 2011 that would task the FTC with creating a "do not track" option online, a concept modelled on the agency's do-not-call registry, which allows consumers to opt out of phone calls from telemarketers. Consumers would have to give explicit permission for their personal information to be used by websites or apps for targeted ads.

The legislation stalled in Congress, but the Obama administration and FTC officials are pushing for the industry to establish a voluntary "do not track" standard.

With the revised rule, the FTC broke new ground by defining data such as IP addresses and mobile device IDs as private information, said Daniel Castro, senior analyst at the Information Technology and Innovation Foundation think tank. The agency also put limits on targeted advertising, making it less attractive for third parties to do business with developers, he said.