Children's privacy rule could have wider effect

WASHINGTON - Unbeknown to the lucky children who unwrapped tablets or smartphones this holiday season, new rules issued in Washington to protect their privacy on those devices could have profound implications for the future of the Internet and mobile apps.

The Federal Trade Commission recently updated the 14-year-old Children's Online Privacy Protection Act rule, or COPPA, to cover smartphones and social media. The revised rule expands the list of "personal information" that cannot be collected from children under 13 without parental consent to include location, photographs and videos. It forbids child-directed apps and websites to track children's activities on the Internet or to pass their data on to other companies without their parents' knowledge. Third-party operators also will be liable for information gathered from child-oriented sites.

Privacy advocates say the changes set the stage for adult consumers to demand the same kind of privacy protection themselves.

The tech industry, which lobbied against the changes, warns that over-regulation of data collection will stifle innovation, increase costs for consumers and put some app developers and websites out of business.

One trade group, the Interactive Advertising Bureau, published a cartoon that depicts Santa wielding a mallet labeled "NEW REGS" to smash children's tablets and smartphones. The distraught youngsters clutch their broken devices and wail as a grinning elf offers them a box of safety goggles. "Don't let the FTC steal Christmas," the caption reads.

"We suspect this will dramatically diminish the number and kind of new education tools which are built for kids," said Tim Sparapani, vice president for law policy and government relations with Application Developers Alliance, an industry association. "We were in the midst of an incredible innovative cycle which had great potential for advancing educational apps for free or nearly free. ... The FTC's actions threaten to grind that to a halt."

Companies will have to hire lawyers and designers and build specially designed servers in order to comply with the new regulations, Sparapani said. "That might be the difference between you staying in business and thriving and hiring new people and closing up shop."

Online advertising models rely on data culled from browser cookies, IP addresses and click histories to provide targeted ads to consumers.

An FTC report issued earlier this month found that many mobile apps for children collect personal data without letting parents know who has access to it or how it will be used.

Almost 60 percent of the apps reviewed by FTC staff transmitted data from a child's device back to the app developer or other third party.

This practice of digital profiling is at the heart of an ongoing battle in Washington over whether data mining should be regulated by the government, and if so, how.

Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., introduced a bill in 2011 that would task the FTC with creating a "Do Not Track" option online, modeled on the agency's Do Not Call registry. Consumers would have to give explicit permission for their personal data to be used by websites or apps for targeted ads.

The legislation stalled in Congress, but the Obama administration and FTC officials are pushing for the industry to establish a voluntary "Do Not Track" standard.