Whether they are surfing, studying, chatting or playing video games, kids today are spending more and more time online, taking advantage of the vast, richly-diverse resources found on the Internet. But as we know very well...sometimes painfully...there can be a dark side to the Internet, too.
The Children's Online Privacy Protection Act was adopted by Congress in 1998 to help protect the privacy of our children. COPPA requires websites and other online services to obtain parental consent before collecting and sharing information from kids who are under the age of 13.
As a mother -- and as Chairman of this Subcommittee -- this is an issue that remains one of my top priorities...as well as one of my big areas of concern. For the most part, the Federal Trade Commission has done a great job of making sure COPPA has worked well for our kids and their families.
But it's time to begin asking some important questions:
* Should Congress revisit COPPA in light of the rapid technological advances which have been made since its enactment more than a decade ago?
* Is the current age threshold sufficient to protect our kids or should it be raised?
* If it is raised, what are the Constitutional and technological implications?
* Is the COPPA Safe Harbor regime an effective self-regulatory model? Could it be successfully utilized in other privacy contexts?
* And, finally, is the expansion of the definition of personal information in the COPPA rule appropriate for use as a precedent in the broader online privacy context?
Today, we will begin debating these and other issues with a respected panel of experts. One thing is very clear to me: kids today are becoming more tech savvy at a younger and younger age. But that exposure to exciting, new sophisticated devices -- and countless websites located around the world -- doesn't necessarily mean that they are going to have any better judgment or make them any more aware of what dangers might lurk online.
That's why the FTC and parents everywhere must continue to play a critically important role in safeguarding the privacy of our children.
The purpose of this hearing is to take a close look at the adequacy of existing protections, and whether the FTC's proposed changes to COPPA go too far, not far enough, or manage to strike the appropriate balance. Having reviewed these changes carefully, I think the FTC has -- as I often say -- hit the "sweet spot."
One of the most significant changes involves revising the definition of personal information to include geolocation data and persistent identifiers, such as IP addresses or device serial numbers.
A second change to the existing COPPA rule includes a new provision to govern data retention and deletion of children's personal information. It requires operators to delete information when it is no longer needed to fulfill its original purpose.
Another significant improvement to COPPA addresses the growing unreliability of so-called "email plus" by eliminating it as a method of parental consent.
And when it comes to Safe Harbors, the FTC is proposing a new self-audit requirement, calling for information practices to be reviewed annually. Additionally, all Safe Harbor programs would be required to regularly submit to the FTC the results of their annual member audits and any disciplinary actions imposed by their members.
Clearly, Chairman Leibowitz and the rest of the Federal Trade Commission deserve our thanks and appreciation for conducting a careful, thorough and thoughtful review of COPPA, leading to these important recommended changes.
While some privacy advocates would like to raise the COPPA age threshold because of an increasing use of social networking sites by teenagers, such as Facebook, Twitter and Google+, I believe the FTC showed common-sense restraint in taking a "go-slow" approach.
The last thing we want to do is to inhibit technological advancements and stifle growth of the Internet by moving forward in a new policy area without a really good, smart game plan in place. I look forward to having this particular debate in the months ahead as we continue our broader hearings on privacy.
In closing, I also want to stress the importance of parental involvement in this process. It's not enough to simply "check the box" and provide consent. I urge all parents...everywhere...to regularly check out the websites that your kids are visiting.
Carefully review their privacy policies. And, finally, ask questions. Make sure you clearly understand a site's practices as well as its policies, and give your kids a primer on the dangers of online predators. Talk to them often and make them more self-aware.
It's critically important that all of us continue to work together to keep the Internet as safe as possible for all children.