FTC et révision de la COPPA

On peut lire sur le site de la Federal Trade Commission (FTC) que la date limite pour envoyer des commentaires quant au projet de révision des règles d'application de la Children's Online Privacy Protection Act (COPPA) a été prolongée jusqu'au 24 septembre 2012. 

Il convient de rappeler que la COPPA est entrée en vigueur en 2000. En vertu de cette loi, tout site Web qui collecte des renseignements personnels auprès de jeunes de moins de 13 ans doit obtenir le consentement préalable des parents. 

La FTC veille à l'application de cette loi. En septembre 2011, elle a débuté ses travaux visant à réviser cette loi et ses règles d'application. À cette fin, elle a publié des études (billet) ou encore mis en place des consultations (billet 1 et 2). 

La consultation en cours concerne les règles d'application de cette loi, plus particulièrement les modifications présentées le 1er août 2012:  

"The proposed modifications to the definitions of "operator" and "website or online service directed to children" would allocate and clarify the responsibilities under COPPA when third parties such as advertising networks or downloadable software kits ("plug-ins") collect personal information from users through child-directed websites or services. The Commission proposes to state within the definition of "operator" that personal information is "collected or maintained on behalf of" an operator where it is collected in the interest of, as a representative of, or for the benefit of, the operator. This change would make clear that an operator of a child-directed site or service that chooses to integrate the services of others that collect personal information from its visitors should itself be considered a covered "operator" under the Rule.
The Commission also proposes to modify the definition of "website or online service directed to children" to:

1. Clarify that a plug-in or ad network is covered by the Rule when it knows or has reason to know that it is collecting personal information through a child-directed website or online service;
2. Address the reality that some websites that contain child-oriented content are appealing to both young children and others, including parents. Under the current Rule, these sites must treat all visitors as under 13 years of age. The proposed definition would allow these mixed audience websites to age-screen all visitors in order to provide COPPA's protections only to users under age 13; and,
3. Clarify that those child-directed sites or services that knowingly target children under 13 as their primary audience or whose overall content is likely to attract children under age 13 as their primary audience must still treat all users as children.

Finally, the Commission proposes to modify the Rule's definition of "personal information" to make clear that a persistent identifier will be considered personal information where it can be used to recognize a user over time, or across different sites or services, where it is used for purposes other than support for internal operations. In connection with this change, the Commission proposes to modify the definition of "support for internal operations" in order to explicitly state that activities such as: site maintenance and analysis, performing network communications, use of persistent identifiers for authenticating users, maintaining user preferences, serving contextual advertisements, and protecting against fraud and theft will not be considered collection of "personal information" as long as the information collected is not used or disclosed to contact a specific individual, including through the use of behaviorally-targeted advertising, or for any other purpose".

(Source: FTC, News, 01-08-2012)

À suivre donc ...

Pour aller plus loin, 

• FEDERAL TRADE COMMISSION, 
• "FTC Extends Deadline to Comment on Proposed Modifications to the Children's Online Privacy Protection Rule Until September 24, 2012", News Release, August 27, 2012.  
• "FTC Seeks Comments on Additional Proposed Revisions to Children's Online Privacy Protection Rule", News Release, August 1, 2012.
• "Children's Online Privacy Protection Rule - Additional Proposed Modifications", (2012) vol. 77 n° 151 Federal Register 46643
• "Children's Online Privacy Protection Rule - Proposed Rules", (2011) vol. 76 n° 187 Federal Register 59804.