12/19/2012 12:33 pm ET Updated Feb 19, 2013

FTC Tightens Rules Protecting Children's Online Privacy

By Diane Bartz

WASHINGTON (Reuters) - The government announced tighter rules on Wednesday to protect children's online privacy by restricting the collection of data, like the child's location, unless parents consent.

The actions by the Federal Trade Commission mark an update to rules that were based on the 1998 Children's Online Privacy Protection Act, developed when most computers were big beige boxes sitting under office desks instead of smartphones in backpacks, and online social media was unheard of.

"The Commission takes seriously its mandate to protect children's online privacy in this ever-changing technological landscape," FTC Chairman Jon Leibowitz said in a statement.

Under the updated rule, IP addresses, which are unique to each computer, will be added to the list of personal information that cannot be collected from children without parental consent if the data will be used for behavioral advertising or tracking.

Location, photos, videos and audio files were also added to the definition.

Leibowitz said the commission struck "the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children's online activities."

But Senator John Rockefeller, a West Virginia Democrat and chair of the Senate Commerce, Science and Technology Committee, which oversees the FTC, said he had wanted legislation that went further.

"There are groups that will complain about it (COPPA being too weak), and so will I, but we can't do anything more about it right now," he said. "Children's privacy as far as I am concerned is an absolutely top line issue."

Privacy advocates and advertising companies had been watching closely to see if the agency would go through with a pledge made in August to add IP addresses to the restrictions.

Advertisers had argued against the move since several people in a family - adults and children - could use the same computer. Privacy advocates said it was needed to protect children.

Also under the updated rule, plug-ins and other third parties connected to children's websites and apps cannot allow third parties to collect information on children without parental consent.

Big companies would be able to deal with the changes but the tighter regulators could be onerous for smaller firms, said John Feldman of the law firm Reed Smith LLP.

"I represent companies who are trying to sell products and services," he said. "The bigger companies feel like they can deal with it. There are significant costs that will be associated with this."

Privacy advocate Kathryn Montgomery, who teaches at American University, said the update was needed, given the growth of social networks and mobile computing. She urged the FTC to be tough about enforcing the rules.

"The new rules should help ensure that companies targeting children throughout the rapidly expanding digital media landscape will be required to engage in fair marketing and data collection practices," she said.

The proposal also specifies that family websites, which are websites aimed at children and adults, would be allowed to screen users to determine their ages and only provide protection to children under age 13.

Currently, all visitors to the websites must be treated as if they are under age 13.

The FTC's rule implementing COPPA became effective in 2000.

The updated rule takes effect on July 1. It was approved by a vote of three to one with one commissioner abstaining.

(Reporting by Diane Bartz; Editing by Ros Krasny, Dan Grebler and Tim Dobbyn)