WASHINGTON – The lucky children who unwrapped tablets or smartphones this holiday season may not know it, but new rules issued in Washington to protect their privacy on those devices could have profound implications for the future of the Internet and mobile apps.
The Federal Trade Commission recently updated the 14-year-old Children's Online Privacy Protection Act rule, or COPPA, to cover smartphones and social media. The revised rule expands the list of "personal information" that cannot be collected from children under 13 without parental consent to include location, photographs and videos. It forbids child-directed apps and websites to track children's activities on the Internet or to pass their data on to other companies without their parents' knowledge. Third-party operators also will be liable for information gathered from child-oriented sites.
Privacy advocates say the changes set the stage for adult consumers to demand the same kind of privacy protection themselves.
The tech industry, which lobbied against the changes, warns that overregulation of data collection will stifle innovation, increase costs for consumers and put some app developers and websites out of business.
One trade group, the Interactive Advertising Bureau, published a cartoon that depicts Santa wielding a mallet labeled "NEW REGS" to smash children's tablets and smartphones. The distraught youngsters clutch their broken devices and wail as a grinning elf offers them a box of safety goggles. "Don't let the FTC steal Christmas," the caption reads.
"We suspect this will dramatically diminish the number and kind of new education tools which are built for kids," said Tim Sparapani, vice president for law policy and government relations with Application Developers Alliance, an industry association.
"We were in the midst of an incredible innovative cycle which had great potential for advancing educational apps for free or nearly free. The FTC's actions threaten to grind that to a halt," he said.
Companies will have to hire lawyers and designers and build specially designed servers in order to comply with the new regulations, Sparapani said. "That might be the difference between you staying in business and thriving and hiring new people and closing up shop."
Online advertising models rely on data culled from browser cookies, IP addresses and click histories to provide targeted ads to consumers based on their location, past purchases, Web-surfing habits and other details.
A report issued earlier this month by the FTC found that many mobile apps for children collect personal information without letting parents know who has access to the data or how it will be used.
Almost 60 percent of the apps reviewed by FTC staff transmitted data from a child's device back to the app developer or to an advertising network, analytics company or other third party. Using information from multiple apps, the third parties could develop detailed profiles of children based on their behavior in the apps, the report stated.
This practice of digital profiling is at the heart of an ongoing battle in Washington over whether data mining should be regulated by the government and, if so, how.
Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., introduced a bill in 2011 that would task the FTC with creating a "Do Not Track" option online, a concept modeled on the agency's Do Not Call registry, which allows consumers to opt out of phone calls from telemarketers. Consumers would have to give explicit permission for their personal information to be used by websites or apps for targeted ads.
The legislation stalled in Congress, but the Obama administration and FTC officials are pushing for the industry to establish a voluntary "Do Not Track" standard.
It's part of a growing focus on privacy at the FTC, which this year reached settlements with Internet giants Google and Facebook for privacy violations and opened an inquiry into data brokerage firms that collect, analyze and sell consumers' personal information.