FTC's Overzealous Attempts To 'Protect The Children' May Do Serious Harm To The Internet
from the we-don't-need-the-ftc-to-act-as-our-parents dept
Earlier this year, we were reasonably worried about the FTC’s plan to expand COPPA. COPPA — the Children’s Online Privacy Protection Act — is one of those laws that appears to have the best of intentions. Who doesn’t want to protect the privacy of children, right? But as with so many things, the unintended consequences of overprotection often outweigh the benefits. In practice, the existing COPPA, which puts significant additional burdens on sites that target children under 13, has meant that lots of websites simply ban children under 13 entirely. The end result isn’t that children under 13 are more protected, but that parents teach their kids it’s okay to lie and to sign up for sites when they’re “underage.” At the same time, this drives away lots of services that could be really helpful to children — especially educational sites.
And yet… the FTC wants to expand COPPA, rather than fix its problems. While the new proposals are not as bad as some ideas that had originally been floated, there are still some significant problems with them. As CDT notes, the unintended consequences of the broad definitions could raise significant First Amendment issues:
…we are concerned that the updated definition of when a website is “directed to children” could expand COPPA’s reach to general audience sites and confuse website owners as to whether these new rules apply to them. This uncertainty will likely prompt more sites to take advantage of the Commission’s new age-screening safe harbor, which could lead to many more sites demanding age or identifying information from all users before allowing access. Requiring age verification from every user runs counter to the First Amendment right to access information anonymously and increases the collection of potentially sensitive information generally. The new rule’s uncertainty is magnified for third party plug-in operators, who may now be liable for the decisions of publishers to embed their plug-in on sites directed to children.
Similarly, TechFreedom notes some related potential problems with the new rules.
To start, by deeming persistent identifiers as personal information per se, the FTC’s new rule runs contrary to established U.S. privacy law: federal courts have unanimously decided that IP addresses do not allow the contacting of a specific individual.
Further, as Commissioner Ohlhausen’s dissent notes, the COPPA statute does not allow the FTC to impose liability on sites that do not collect children’s information merely because the operator may somehow benefit from an ad network or plug-in operator collecting information—provided the third party neither targets children nor shares information with the site operator.
If a third party becomes liable once a single employee “recognizes the child-directed nature” of a website—whatever that means—COPPA will become the worst kind of notice-and-takedown system: Would a single complaint—or tweet—from a parent or activist group create “knowledge?” Faced with the impossible task of predicting how the FTC might characterize each of the millions of sites on which ads or plug-ins might appear, operators will have to try to block advertising or plug-ins on sites that appear to be child-oriented. If they can’t do that effectively, this potential liability may effectively kill behavioral advertising on any site that can’t prove it isn’t child-oriented—in other words, on small sites.
Thus, COPPA will now impact adult sites, denying publishers revenue and adult users the functionality that is increasingly provided by embeds. Thus, the FTC invites not only a statutory challenge but also a constitutional challenge similar to that which led the Child Online Protection Act (COPA) to be struck down.
Finally, we’ve got law professor Eric Goldman, who doesn’t hold back his thoughts:
Yesterday, the U.S. Federal Trade Commission (the FTC) promulgated new rules (effectively July 1, 2013) interpreting the Children’s Online Privacy Protection Act (COPPA), and the new rules are a real mess. They are riddled with innumerable ambiguities and questionable policy choices, and I could spend a decade or two trying to figure out how the new rules apply to different factual situations.
That’s not a good thing — unless you’re a lawyer. As he notes, once again, the intentions may have been good, but the implementation is a disaster:
The FTC wanted to crack down on these COPPA workarounds, but in typical FTC fashion, it did so in a ham-fisted and marble-mouthed way.
Basically, we’re talking about the usual “unintended consequences” of going overboard in trying to “protect the children!” It’s a noble goal, obviously. But, speaking as a parent as well as someone who’s aware of how these kinds of rules tend to limit innovation, I’d much prefer that the FTC actually stay out of the parenting business and leave that to me.