Many preteens have dived into the expanding worlds of social networks and smartphone apps, but federal rules designed to protect their privacy are still in the era of Web portals and flip phones.
Now, regulators want an update.
The Federal Trade Commission on Thursday proposed tougher privacy protections for children younger than 13, broadening requirements covering the collection of personal information by websites and online apps, as well as how they obtain parental approval.
Kristen Giatzis, 45, of Walnut Creek describes herself as “not an overly conservative mom” to her three daughters, ages 8, 12 and 15. But she welcomes tougher federal privacy rules for their online activity.
She says she’s trying to teach her children how to protect themselves online, but it’s nearly impossible to ensure they’re not vulnerable on social networking sites and mobile applications on their phones.
“I think it will be a hard thing to regulate,” said Giatzis, a freelancer in marketing and advertising. “There has got to be a balance between teaching our kids and not having them preyed upon.”
The new rules, which are likely to be given final approval by the FTC after the public comment period ends in November, address the sweeping technological changes that have taken place since the agency last reviewed the landmark Children’s Online Privacy Protection Act six years ago.
The agency is expanding the definition of personal information to include the geolocation data transmitted by mobile apps that pinpoint exactly where a child is or has been. And it clarifies that apps, such as online games or those that receive behaviorally targeted ads, are online services covered by the restrictions.
“In this era of rapid technological change, kids are often tech-savvy but judgment-poor,” said FTC Chairman Jon Leibowitz.
The commission is trying to strike a balance, aiming to help “parents protect their children online, without unnecessarily burdening online businesses,” he said.
Privacy advocates applauded the proposed changes.
“They brought the children’s privacy rule into the 21st century,” said Jeff Chester, executive director of the Center for Digital Democracy, which advocates for tougher privacy protections for children.
As preteens spend more time online and on their mobile phones, they’re increasingly likely to divulge personal information and more at risk of being exposed to inappropriate content and advertising, children’s advocates say.
The industry, in the meantime, has come up with new tactics to gather data to sell advertising.
The FTC recently reached a $50,000 settlement with W3 Innovations for collecting information about children younger than 13. Earlier this year, the agency got a record $3-million settlement from online game developer Playdom, now a division of Disney, for violations.
Existing rules require website operators and online service providers to get the consent of parents before collecting personal information from children younger than 13.
Facebook forbids children under 13 from signing up, but surveys show they do anyway. Consumer Reports estimated in May that Facebook had 7.5 million active underage users, more than 5 million under 11. In March, Facebook told the Australian federal parliament’s cybersafety committee that it removes 20,000 underage accounts each day.
Facebook spokesman Andrew Noyes said the company would review the proposals. “We support the efforts of the FTC and others to improve protections for young people online while helping them benefit from new services and technologies,” he said.
The Direct Marketing Assn., which represents businesses and organizations that do online and traditional marketing, also said it supported children’s privacy protections. But it objected to one proposed change: expanding the definition of personal information to the unique IP address of each Internet-enabled device.
The group argues that devices can be used by multiple people, including children and adults. But the FTC determined that IP addresses can allow contact with a specific person, and that families are moving from a single, shared personal computer to personal, Internet-enabled devices, such as smartphones, for each family member.
The new rules would add some flexibility for websites. They let children younger than 13 participate in interactive communities without parental consent as long as the site takes “reasonable measures to delete all or virtually all children’s personal information before it is made public.”
But Alan Webber, an analyst with Altimeter Group, said expanding privacy protection for children without overly impeding businesses was “a Herculean task.”
“If the FTC’s proposed revisions ... go through, companies such as Facebook, Google and others are going to have to put more stringent fences up to keep kids out and then audit what data they do collect,” he said.