Innovation Files has moved! For ITIF's quick takes, quips, and commentary on the latest in tech policy, go to itif.org

Why Haven’t the FTC’s New COPPA Rules Made Your Kids Safer Online?

Young man looking at camera up dressed in protective workwear

On July 1, new rules from the Federal Trade Commission (FTC) for implementing the Children’s Online Privacy Protection Act (COPPA) went into effect. COPPA requires certain online services to display privacy policies and obtain verifiable consent from a parent or guardian before collecting personal information from children. Under the new rules, the FTC has expanded the number and type of companies that must comply with COPPA, as well as the definition of personal information. While the old rules were already having a negative impact on innovation among online services directed at children, the new rules will further limit innovation and the availability of high quality online content for children, in particular, by restricting online behavioral advertising on many websites.

There are legitimate reasons for COPPA even if its implementation has been poor. First, one of the main concerns about children’s privacy in 1998 (when Congress passed COPPA) was the ease with which anyone with $50 could purchase the names and addresses of children in their neighborhood. Clearly selling this type of data without any regulations in place was a bad idea, and Congress rightly stepped in to prohibit this practice.

Second, COPPA tries to address the issue of consent among minors. Children are too young to be able to consent themselves to the information practices of different websites so parents must provide this consent when it is needed. Under COPPA, the FTC must decide which practices are acceptable without parental permission and which practices are not. The FTC has a wide range of options from allowing virtually any practice to allowing none.

Unfortunately the FTC has skewed much closer to “allowing none” than a reasonable middle ground. COPPA rules should not be written with the goal of making the Internet safe for the children of parents with the most radical privacy preferences, but rather they should be written so as to find a balance between privacy safeguards and other benefits that come from the frictionless exchange of information. Keep in mind that even with a lower “default” privacy setting for children, parents can still choose whether or not to allow their children to use the Internet or particular websites and under what conditions. Regardless of the rules that are put in place, COPPA regulations in no way diminish the need and responsibility for parents to supervise their children’s online activity and teach them about Internet safety.

Unfortunately, the new COPPA rules are an example of regulators putting privacy ahead of innovation. What’s worse, in this case, is it’s hard to see how children come out ahead by almost any metric. Consider common parental concerns:

  • Alarmed by the possibility that children might see graphic violence, sex, or profanity on the Internet? COPPA does not address any of those issues (and it probably shouldn’t given the First Amendment).
  • Concerned that children are exposed to too much online advertising? COPPA does not prevent sites from displaying ads to children and under the new rules children may actually see more ads (for reasons discussed below).
  • Disturbed by the idea of advertisers targeting children based on their interests? You shouldn’t be, but regardless COPPA does not prevent websites from displaying contextual advertising.
  • Troubled by the idea of children having their Internet activity tracked and used to deliver them targeted advertising? Again, you shouldn’t be, but COPPA does not prevent children from receiving these types of ads on the Internet; it only prevents websites directed primarily at children from showing these ads.

No matter where you stand on privacy issues, it’s hard to see exactly how children have been made better off under the new rules. And if you are worried that there is not enough free, high-quality educational and entertainment content available for children…well your fears are justified.

The new rules will create at least two negative impacts. First, websites directed at children or knowingly providing access to children will have a diminished ability to earn revenue. Second, the most useful aspects of the Internet—the ability to easily share information with others—will be severely limited, if not eliminated for children’s online services.

The first impact of the new rules will be that online services directed at children (or those who knowingly have users under the age of 13)—including mobile apps and websites—will no longer be able to deliver targeted ads to children without parental consent. Targeted ads generally produce more revenue than other ads because they are more relevant to users.  This change will have a negative impact on revenue for makers of child-directed online content and services, particularly those who do not otherwise need to collect information about their users, such as educational sites. To make up for this, developers might increase the number of ads they show to children or simply move away from advertising-based models to fee-based models. Parents who can afford to pay for online services might not mind this change, but parents who cannot will be out of luck. Or developers may decide to put an age-gate on their products and services or discontinue them to avoid the risk of running afoul of the COPPA rules. The overall impact of these changes will be the further erosion in the quality of free apps and websites available to children. 

The second impact will be a diminished utility among online services available to children. If the current trend continues, increasingly children will only have access to limited functionality on apps and websites. Perhaps the best example of this phenomenon is the popular app SnapChat which allows users to share photos with others. In contrast, the “child-friendly” version of this app does not allow any sharing—and that is the entire purpose of the app!

The original goal of COPPA was to enhance online safety and privacy for children while preserving their access to content and the rich interactivity of the Internet. Not only do the FTC’s new COPPA rules appear to have little to no value for consistently improving children’s privacy and safety online, they also clearly do not take the latter goal of preserving innovation on the Internet to heart. Sadly regulators have taken a very narrow view of what it means to be helping children.

Print Friendly

About the author

Daniel Castro is vice president at ITIF. His research interests include health IT, data privacy, e-commerce, e-government, electronic voting, information security, and accessibility. Previously, Castro worked as an IT analyst at the Government Accountability Office where he audited IT security and management controls at various government agencies. He has a B.S. in foreign service from Georgetown University and an M.S. in information security technology and management from Carnegie Mellon University.
  • Tracey Bryan

    Hi, may I use your image for a presentation I am doing for parents at my school?

    I look forward to hearing from you.

  • Ray Scanten

    The inefficiency of COPPA compliance and enforcement efforts is a proof that electronic commerce is a very inefficient medium. While technology evolves, the need in commerce at all may be totally decreased, or even will vanish at all.

    When 3D printing will be availiable at home, industries such as collector scale model industry may also vanish, because now, everyone can make this model in a 3D editor. Softwares like Pepakura Designer (a japanese software that allows converting 3D models into papercraft layouts which can be further printed and assembled) is a very last step before 3D printing public availability. This means that if now papercraft models don’t need to be sold in magazines (like earlier), then in future the need for separate collector scale model marketing (often being distinguished from toy marketing) will be zero since everyone will be able to print the model. However, the controversies still present, such as “3D-counterfeit” term (regarding 3D-printed replicas of brand goods). If 3D-scanning will also be developed and spread to masses, there will be almost zero need for brands at all.

    In music, now everything can be recorded into MP3 and spread around the web. However, many music publishers, performers and producers shun the idea of MP3 format due to various reasons. Usually, it’s because MP3 is a very wide-spread sound recording format, and also due to copyright issues. While earlier, music was being recorded on vinyls and CD-DA’s, which were impossible to be copied by an ordinary end user. Now, CD’s and DVD’s can be converted into ISO file, which is a disc image that is used for CD burning. Why ISO files and CD burning softwares such as Nero etc for same reason is not considered illegal then? Consider also analog audio tape and VHS home recording possibility… Music publishers, performers and producers, movie directors, actors etc now became that aggressive because now, there is no need for their “brand”. Especially when recently 3D animation became very realistic and it can even feel like a live-action movie, so with these days technolody it’s rather better to use 3D animation softwares and realistic models with stages, than hire famous actors and actresses while paying huge royalties.

    Similar attitudes usually appear in famous people (such as actors, performers, directors, craftsmen etc) due to their fear or vex towards high tech and progress. Their need for money and fear of the tech makes up a very niche industry and market which despite having narrow target audience may have high profit and even be prestige. These attitudes predict a flash in the pan of future. Probably, because it’s very generational issue. When Jackie Chan was born, there was no 3D animation, no even VHS recorders and players. At the time of Michael Jackson’s youth, all music was recorded on analog audio tapes and vinyl plates. Hans Bellmer, the author of ball jointed doll layout and photography, didn’t know anything about 3D modeling, nor even casting (because polyurethane/vinyl resins were not availiable at that time): he was sculpting his dolls by hand.

    The younger generation, usually the COPPA’s target – children under 13 – are more used to modern digital technology. Consider also that at the time of these supra famous individual’s childhood, there were barely few or even no TV sets, radio receivers, or other mass media appliances at all. Same goes to COPPA itself: in 1998, smartphones, social media websites, video/voice chats etc were not present at all. Due to high cost of COPPA compliance, companies just find it easier to block children from being a target audience of it, often even giving up parental consent and stating aggressive terms of service (DeviantArt, Tumblr). Some websites even try hardcore age screening mechanisms: asking for birthdate even before registration (forums powered by vBulletin, Invision etc) or even viewing website at all (Quora, Blurtit, WattPad). Sometimes website include policy that children are not allowed to use it while not collecting users’ age at all (4Shared, ImageShack).

    While the law applies only to U.S. commercial websites, it influenced worldwide Internet community in a very hard way. For example, non-American (Gaijin Entertainment), and/or even non-commercial websites (various forums and message boards, websites such as Glitter Graphics) started blocking children under 13 as well. Similarly, the law received a parental review as “useful to protect children”. Common opinions are that the law is similar to the “PG-13″ movie rating (considering worldwide impact of the law, it may make everything digital as inherently PG-13 – even if it’s kid-friendly), that it also protects children from “online predators, strangers and stalkers”, and that “kids should go outside on the street” (while virtually, it’s very hard to recognize an online predator, and even outside kids are forced not to talk to strangers – which makes them into risk of being anti-social, dependent from parents, or mental disorders such as separation anxiety disorder. Consider that kids who are not social are more at risk, and that even on playgrounds kids don’t play with each other unless they’re siblings, relatives, or classmates. Also, real life interactions are not as flexible as online interactions, which makes finding a good friend in real life a hard and nearly impossible way).

    Instead of privacy protection legislation, we have a law that acts exactly like DRM (digital rights management) system. Just like for music, movie, artisan crafts, live action etc industry DRM may be benevolent for “copyright protection”, COPPA acts as a DRM for online service operators for “privacy protection”. Similarly to situation with lying about age, bypassing DRM systems is also tricky but illegal deal due to similar DRM ineffectiveness. COPPA and DRM have very same, but big flaws: usability restriction, and information spreading restriction. Consider that various countries may have laws that contradict DRM and COPPA principles altogether. These systems are defective by design. The ultimate way to ensure copyright protection is to delete “Copy” function from operating systems at all, and for the online child privacy and safety – to make up a browser that does not open at all and blocks all net protocol traffic (virtually disconnecting the PC) until the user becomes of age. There are no other ways than these. For both situations, a user/child may feel inconvenient. There will be nothing good in both occasions. While corporations and government may have profit from both, the whole thing seems very akin to sadism, or totalitarian regimes, or banking establishments which are more dangerous than standing armies.