Advisories
Federal Lawmakers Revive Do Not Track Kids Legislation
By Christin S. McMeley, Paul Glist, and Leslie Gallagher Moylan
11.18.13
A bipartisan, bicameral effort is again underway to extend current law and impose new restraints on the online tracking of children and teens under the age of 16. As promised, on Thursday, Nov.14, 2013, Senator Edward Markey (D-Mass) and Rep. Joe Barton (R-Texas) introduced their respective versions (S. 1700 and H.R. 3481) of the “Do Not Track Kids Act of 2013.” Specifically, the Do Not Track Kids Act would:
Background
COPPA, which was authored by Markey and passed in 1998, currently applies to operators of commercial websites or online services that are directed to children ages 12 and under, and requires parental consent before such site and service operators can collect, use and disclose personal information about those children. This is not the first time Senator Markey and Representative Barton have introduced Do Not Track Kids legislation. The duo authored a substantially similar bill in 2011 when Senator Markey was a member of the House.
Extension to Minors
The Do Not Track Kids Act of 2013 would extend many of COPPA’s protections to “minors” over the age of 12 and under the age of 16 whose personal information is collected on websites, online services or mobile applications “directed to minors” or where an operator of such a site or app has “actual knowledge” that the user is a minor. And while the legislation formalizes COPPA’s extended application to online and mobile applications and geolocation data, as well as the inclusion of device identifiers within the definition of personal information, the FTC had already made that leap through enforcement actions and amendments to its COPPA rules that went into effect on July 1 of this year. The legislation calls on the FTC, however, to define whether a site, service or app is “directed to minors” and what “geolocation information” is.
No Targeted Marketing
As in Markey and Barton’s Do Not Track Act of 2011, The Do Not Track Kids Act of 2013 prohibits targeted advertising to children and teens without consent of the parent of the child or the minor. In the case of sites and apps directed to minors, the legislation requires the operator to adopt a “Digital Marketing Bill of Rights for Teens,” that includes the Fair Information Practices Principles, in addition to the minor’s consent, before an operator can collect personal information from the teens.
Removal of Content (i.e., “Eraser Button”)
The new law would also create an “Eraser Button” that would allow parents and children to scrub their online personal information content, when technologically feasible. However, this “protection,” as written, faces some of the same challenges as California’s recently enacted “eraser” law: minors and parents can’t really “erase” everything. Content removal is limited to that posted by “the user who is attempting to erase or otherwise eliminate such content or information” and does not include content or information posted by other parties or that has been “republished or resubmitted by another person.”
Enforcement & Jurisdiction
The bill would give the Federal Trade Commission primary authority to prosecute violations as an “unfair or deceptive act or practice.” The bill would explicitly remove the FTC’s current exception for telecommunications carriers and, to the extent inconsistent, preempt Sections 222, 338(i) and 631 of the Cable Act. State Attorneys General may also prosecute in the absence of a pending FTC action and with notice to the Commission.
Broader Interest
Apart from the recent COPPA amendments and California legislation referenced above, Senate Commerce chairman Jay Rockefeller (D-W.Va.) previously introduced his own broadly applicable Do Not Track Act, but he has been focused of late on the “unprecedented amount” of consumer information that is collected, mined and sold by “data brokers,” opening a senate investigation into the industry’s practices earlier this year. Whether industry and consumer advocates can come together to create voluntary Do Not Track standards and mechanisms or whether Congress can enact any kind of Do Not Track legislation (broadly applicable or limited to “kids,”) is anyone’s guess at this point.
- Extend many of the privacy protections already afforded to children ages 12 and under in the Children's Online Privacy Protection Act (COPPA) to teens through age 15;
- Formally include online and mobile applications (the FTC already did this through enforcement actions and then by rule in its recent COPPA amendments);
- Expand the definition of “personal information” to include device identifiers;
- Extend COPPA protections to geolocation information;
- Prohibit targeted marketing to children and minors without verifiable parental consent for children or the consent of a “minor” (13-15 year old);
- Require the operators of a website, online service, or online or mobile application “directed to minors” to adopt and comply with a “Digital Marketing Bill of Rights for Teens” that is consistent with the Fair Information Practices Principles; and
- Attempt to arm parents and their children with an “eraser button” to eliminate publically available personal information online.
Background
COPPA, which was authored by Markey and passed in 1998, currently applies to operators of commercial websites or online services that are directed to children ages 12 and under, and requires parental consent before such site and service operators can collect, use and disclose personal information about those children. This is not the first time Senator Markey and Representative Barton have introduced Do Not Track Kids legislation. The duo authored a substantially similar bill in 2011 when Senator Markey was a member of the House.
Extension to Minors
The Do Not Track Kids Act of 2013 would extend many of COPPA’s protections to “minors” over the age of 12 and under the age of 16 whose personal information is collected on websites, online services or mobile applications “directed to minors” or where an operator of such a site or app has “actual knowledge” that the user is a minor. And while the legislation formalizes COPPA’s extended application to online and mobile applications and geolocation data, as well as the inclusion of device identifiers within the definition of personal information, the FTC had already made that leap through enforcement actions and amendments to its COPPA rules that went into effect on July 1 of this year. The legislation calls on the FTC, however, to define whether a site, service or app is “directed to minors” and what “geolocation information” is.
No Targeted Marketing
As in Markey and Barton’s Do Not Track Act of 2011, The Do Not Track Kids Act of 2013 prohibits targeted advertising to children and teens without consent of the parent of the child or the minor. In the case of sites and apps directed to minors, the legislation requires the operator to adopt a “Digital Marketing Bill of Rights for Teens,” that includes the Fair Information Practices Principles, in addition to the minor’s consent, before an operator can collect personal information from the teens.
Removal of Content (i.e., “Eraser Button”)
The new law would also create an “Eraser Button” that would allow parents and children to scrub their online personal information content, when technologically feasible. However, this “protection,” as written, faces some of the same challenges as California’s recently enacted “eraser” law: minors and parents can’t really “erase” everything. Content removal is limited to that posted by “the user who is attempting to erase or otherwise eliminate such content or information” and does not include content or information posted by other parties or that has been “republished or resubmitted by another person.”
Enforcement & Jurisdiction
The bill would give the Federal Trade Commission primary authority to prosecute violations as an “unfair or deceptive act or practice.” The bill would explicitly remove the FTC’s current exception for telecommunications carriers and, to the extent inconsistent, preempt Sections 222, 338(i) and 631 of the Cable Act. State Attorneys General may also prosecute in the absence of a pending FTC action and with notice to the Commission.
Broader Interest
Apart from the recent COPPA amendments and California legislation referenced above, Senate Commerce chairman Jay Rockefeller (D-W.Va.) previously introduced his own broadly applicable Do Not Track Act, but he has been focused of late on the “unprecedented amount” of consumer information that is collected, mined and sold by “data brokers,” opening a senate investigation into the industry’s practices earlier this year. Whether industry and consumer advocates can come together to create voluntary Do Not Track standards and mechanisms or whether Congress can enact any kind of Do Not Track legislation (broadly applicable or limited to “kids,”) is anyone’s guess at this point.