Also, “collection of personal information” no longer includes information children themselves post as a form of participation in “interactive communities” (e.g. online games) – sites and services don’t have to obtain parental consent as long as they “take reasonable measures to delete all or virtually all children’s personal information before it is made public.”
Collaborative regulatory power needed
From that last point, you can see that sites and services will be struggling for some time to understand the exact meaning of some of these revisions and how they apply to the user-driven content on their services. Both the confusion and some of the updates could either chill innovation (by increasing startup costs) or help shutter small businesses serving children.
For example, in its coverage of the revisions, the Washington Post cited the view of a developer of children’s book apps. The developer “fears heavy legal costs that she estimates could be as high as $10,000 [because] she would like to collect information about children to personalize her app so that users can create logs and reading goals.”
This indicates confusion because the FTC states that “no parental notice and consent is required when an operator collects a persistent identifier for the sole purpose of supporting … internal operations.” Collecting information for the sole purpose of enhancing a user’s experience – by allowing them to create “reading goals” in a book app – would probably be seen by the FTC as perfectly compliant, as an “internal operation.”
So as I watched the new rule’s unveiling live-streamed from Capitol Hill, I noted two things: