Privacy & Information Security Law Blog

On December 20, 2023, the FTC issued a Notice of Proposed Rulemaking (“Notice”), which would bring long-anticipated changes to the children’s online data privacy regime at the federal level in the U.S. The Notice sets forth several important proposals aimed at strengthening the Children’s Online Privacy Protection Act Rule (“COPPA Rule”). The COPPA Rule has not been updated since 2012. The FTC received over 176,000 comments in response to its call to comment on updating the COPPA Rule.

Proposed modifications to the COPPA Rule include:

• Requiring targeted advertising for children to be turned “off” by default. A separate verifiable parental opt-in consent would be required, with narrow exceptions.
• Limiting push notifications that are intended to keep children online longer. Notice and consent would be required for the use of “engagement-enhancing techniques,” including push notifications.
• Restricting ed tech in schools. The use of education technology (“ed tech”) would be limited and the changes would codify guidance that bars students’ personal information being used for commercial purposes.  
• Strengthening data security. Retention and deletion requirements would be tightened. Operators also would be required to implement a written children’s personal information security program.
• Prohibiting the conditioning of participation on personal information collection. Collecting more information than necessary for participation in games, prizes or similar activities is currently prohibited, but the FTC proposed additional restrictions and is considering expanding the definition of “activity.”
• Limiting the broad purposes for which children’s personal information may be used. For example, the COPPA Rule currently permits an exception to parental consent for information collected for “internal operations.” Operators would now be required to provide a notice documenting the justification for such collection and how the data will be restricted from being used to contact individuals.

The FTC has called for additional input on various topics still under consideration.  After the Notice is published in the Federal Register, the public will have 60 days to comment.