FTC unveils broader rules to protect kids’ privacy online


SAN FRANCISCO — In a major step to protect kids’ online privacy, the Federal Trade Commission has unveiled new rules that require mobile apps and websites to obtain parental consent before collecting personal information from children.

The agency’s chairman, Jon Leibowitz, said Wednesday that federal regulators were trying to keep pace with the growing use of mobile devices by those under age 13 — and the rapidly evolving tactics and tracking tools of marketers and data brokers that collect detailed dossiers on Americans and their online activities.

The new rules — the first major update to federal laws on children’s online privacy in 14 years — require a parent’s consent to collect those kinds of personal details that can be used to identify, locate or contact a child and pass that information on to third parties.


The FTC struck a balance between shielding kids from potential harm and ensuring that the marketplace for kids’ mobile apps and online services would continue to flourish, Leibowitz said during a Capitol Hill news conference.

Under the broader rules, the FTC said companies must get permission from parents before collecting photographs and videos as well as deploying tracking tools, such as cookies, which use IP addresses and mobile device IDs to follow a child on the Web.

Quiz: What set the Internet on fire in 2012?

The move comes one week after the agency said it was investigating mobile app developers who might have gathered information from kids without their parents’ consent. The agency did not name the companies or say how many it was investigating.

“We are at a critical moment in the growth of the children’s digital marketplace as social networks, mobile phones and gaming platforms become an increasingly powerful presence in the lives of young people,” said Kathryn Montgomery, a children’s advocate and a professor of communications at American University. “The new rules should help ensure that companies targeting children throughout the rapidly expanding digital media landscape will be required to engage in fair marketing and data collection practices.”

Federal regulators had not significantly updated online privacy rules for kids since 1998 when the Children’s Online Privacy Protection Act was enacted. That law required online services geared toward kids to notify parents and get their permission before collecting or sharing basic personal information such as names, email addresses or home addresses from those under 13.


The law did not envision today’s Internet in which the rapid adoption of mobile devices loaded with apps can relay a person’s location and other personal details highly prized by advertisers and data brokers. The FTC began a review of the law in 2010.

James Steyer, chief executive of Common Sense Media Inc., a nonprofit group in San Francisco that studies kids’ use of technology, said the new rules put parents — not corporations — back in charge as gatekeepers for kids.

“All of the companies and developers in the online and mobile space benefit from the share and use of personal information. But they also have a responsibility for providing parents with information and tools so they can make smart choices about what their young children do and share online, and so far, most of these companies have failed to live up to that responsibility,” Steyer said.

But software developers — many of whom are parents themselves — said the FTC is giving their industry, which makes products including educational tools and games for kids, a bad rap.

“It’s a little alarming that the FTC has chosen to paint all children’s apps with the same brush,” said Rick Richter, CEO of Ruckus Media Group Inc. “What this is all about is notifying parents about information we are gathering. We have been fastidious as a company about doing that.”

Some app developers warned that the cost of complying with the new regulations would force many of them to stop building apps for kids.

Liability for violating the rules does not extend to Google, Apple and other technology giants that operate online stores that sell kids’ apps.

The Application Developers Alliance said the kids’ software industry is mostly made up of entrepreneurs who can’t afford lawyers to help them navigate the complex new rules governing kids’ privacy.

“Ultimately it’s the kids, parents and teachers who will suffer,” said Tim Sparapani, vice president of law policy and government relations at the alliance.

Josh Hartwell, who runs Mobile Deluxe, a mobile game developer and publisher in Santa Monica, has three kids and a fourth on the way. He said he and many other app developers agree that protecting children’s privacy is “paramount” and supports weeding out “bad actors.” But he worries that the burdensome new rules will stifle innovation.

“Some of the compliance issues are going to make it tougher for people to create apps for kids,” Hartwell said.

But Samantha Lurey, CEO of Go Trexx in Mission Viejo, which makes travel apps for kids, applauded the effort to increase privacy protections for children.

“This is something our firm has wanted to see for a while now. We feel that federal regulators are going in the right direction,” Lurey said. “Because our apps are designed for kids, we felt it was really important that we were not capturing any sensitive information. I think other developers will find that it’s relatively easy to construct apps that are engaging, entertaining and useful without capturing sensitive information.”