Tuesday, January 01, 2013
More concerns have arisen over FTC's definition of "directed at kids" in new COPPA rukes
Forbes has a recent article (by Eric Goldman) characterizing the recent FTC implementation of new rules for COPPA a (Children’s Online Privacy Protection Act) “big mess”.
One of the problematical issues concerns the idea that app developers will be held responsible when their software is used to collect information from other sites (especially Facebook). This happens when there is “actual knowledge” that the app will be used this way. Goldman calls the language “inscrutable” but that part may be common sense. The problem is that app developers will now have to go through considerable expense to safeguard apps likely to be used by kids on major third party sites.
Goldman also takes issue with the last (or third) tier of the FTC”s expanded definition of “directed at kids” which can include more general-purpose websites and apps likely to appeal to everybody, but especially to older minors, particularly precocious minors already performing in public or working in unusual ways. (We saw this kind of discussion with COPA.) General purpose educational materials, for example on the sciences or sports with hobbies likely to appeal to minors could fall into this area. Website operators could be in violation if they track information inadvertently, even IP addresses. The FTC seems unaware that all hosted website services offer logs with IP addresses, and all offer detailed analytics (Urchin) that may fall just short of providing identifiable information if the webmaster looks hard enough. (As I have noted, I had reason to examine my own user logs in late 2005 after an “incident” when I was substitute teaching.) Advertising networks may expect webmasters to be facile with looking at detailed web statistics, and it is possible even to cut off specific abusive users (that has to do with HTA Access in Apache). It’s not clear that the FTC was aware of how this really can work.
The link for Goldman’s article (Dec. 20,2012) is here.
It is true that liability exists for service providers and webmasters only when "actual knowledge" of data collection from kids from sites or apps "directed at kids" exists.
The precocious minor issue is interesting. There are some practical situations where the only people (for employment purposes) who have the detailed knowledge of how to deploy a particular site or app effectively are themselves minors. This can be tricky.