FTC's Attempt To Broadly Expand Misguided Child Protection Law Will Chill Innovation

from the well-meaning,-but-bad-policy dept

The FTC plans to put COPPA obligations on plugin developers if they “know or have reason to know” that their plugin has been installed on a children’s site. “Plugins” include analytics providers, advertising networks, social media plugins, embedded videos, or anyone else who provides third-party code for websites. Under the FTC's proposed change, if plugin developers receive a user’s IP address through a plugin that’s been installed on a children’s site, they could face legal liability for collecting children’s personal information.



It’s unclear how a plugin or platform like Twitter is supposed to “know or have reason to know” that someone has cut and pasted a line of their code into a children’s site. The FTC says that plugin developers “will not be free to ignore credible information brought to their attention.” But the FTC doesn’t say what counts as “credible.” Would developers have to assume every random e-mail is a credible tip that could saddle them with legal liability? Even if the FTC did provide clarity, though, it would still be extraordinarily burdensome to place legal obligations on plugin developers based on the actions of others.

Things get worse with the FTC’s second major proposal: expanding the scope of sites deemed “directed to children” from sites aimed primarily at a very young audience to include sites and services that are “likely to attract an audience that includes a disproportionately large percentage of children under 13 as compared to the percentage of such children in the general population.”



This convoluted standard raises a number of serious issues. Not only is it difficult for site operators to gauge what proportions of their audience fall into arbitrary age buckets, but the FTC also gives operators no sense of what it means for an audience to be “disproportionately” composed of children in comparison to the general population. If a site’s audience is 20 percent children, is it disproportionately composed of children? What about at 30 percent? It’s not clear from the language, and it won’t be clear to website operators trying to run their sites while staying within the bounds of the law.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

We've written a few times about the Childrens Online Privacy Protection Act (COPPA) and how it was put in place without any data and without much concern for unintended consequences. As danah boyd has shown in her research, COPPA hasn't necessarily done much to protect children. Instead, it's made parents teach their kids it's okay to lie about their age . It's also why so many websites have seemingly arbitrary restrictions on kids under the age of 13. It's one of those "think of the children" laws that people want to like because itgood, and no one wants to support big businesses preying on children. But, the reality is that it has tremendous problems -- unintended consequences that limit various services -- and does little to actually protect children.And, of course, the FTC wants to expand it even further.They're asking for comments on the proposed changes in the rules, and if you develop websites or apps, you might want to speak up. CDT has put together a letter people can sign if they don't want to write up some comments themselves. They also have explained many of the problems with the new proposals . For example, it expands what COPPA applies to in very broad ways, potentially creating liability for developers without them even realizing it:The end result would almost certainly involve those companies putting a lot more limits on their apps, and create a huge cost (and potential liability) for all sorts of plugin and app writers. But there's an even bigger problem. While COPPA was clearly limited at sites directed at children, the FTC seems to think this wasn't enough, because other sites not directed at children might still attract children... and so they want this problematic rule to expand to sites who don't even cater to children:In fact, as CDT notes, this change almost certainly will do the exact opposite of what the rule intends. That is, it will make sites feel they need to collect more data about who is accessing their sites to make sure that they know if their audience includes kids, in which case they'll have to take steps. But that means they'll be... collecting more data about kids -- which is exactly what COPPA is supposed to stop.The FTC folks who support COPPA are certainly well meaning, but they seem to have little concern or interest about the real impact of the law and their specific rules around it, and how it not only fails to help protect children, but puts a serious damper on innovation as well.

Filed Under: apps, coppa, ftc, plugins, privacy, unintended consequences