Request for Public Comment on the Federal Trade Commission’s Implementation of the Children’s Online Privacy Protection Rule, 17089-17093 [2010-7549]
Download as PDF
<![CDATA[
Federal Register / Vol. 75, No. 64 / Monday, April 5, 2010 / Proposed Rules
Powerplant Program, Part 1 of the
Bombardier CL–600–2B19 MRM CSP–053;
for related information.
Issued in Renton, Washington, on March
19, 2010.
Ali Bahrami,
Manager, Transport Airplane Directorate,
Aircraft Certification Service.
[FR Doc. 2010–6850 Filed 4–2–10; 8:45 am]
BILLING CODE 4910–13–P
FEDERAL TRADE COMMISSION
16 CFR Part 312
Request for Public Comment on the
Federal Trade Commission’s
Implementation of the Children’s
Online Privacy Protection Rule
Federal Trade Commission.
Request for public comment.
AGENCY:
srobinson on DSKHWCL6B1PROD with PROPOSALS
ACTION:
SUMMARY: The Federal Trade
Commission (‘‘FTC’’ or ‘‘Commission’’)
requests public comment on its
implementation of the Children’s
Online Privacy Protection Act (‘‘COPPA’’
or ‘‘the Act’’), through the Children’s
Online Privacy Protection Rule
(‘‘COPPA Rule’’ or ‘‘the Rule’’),. The
Commission requests comment on the
costs and benefits of the Rule, as well
as on whether it, or certain sections,
should be retained, eliminated, or
modified. All interested persons are
hereby given notice of the opportunity
to submit written data, views, and
arguments concerning the Rule.
DATES: Written comments must be
received by June 30, 2010.
ADDRESSES: Interested parties are
invited to submit written comments
electronically or in paper form, by
following the instructions in the
Invitation To Comment part of the
‘‘SUPPLEMENTARY INFORMATION’’ section
below. Comments in electronic form
should be submitted by using the
following weblink: (https://
public.commentworks.com/ftc/
2010copparulereview) (and following
the instructions on the web-based form).
Comments in paper form should be
mailed or delivered to the following
address: Federal Trade Commission,
Office of the Secretary, Room H-135
(Annex E), 600 Pennsylvania Avenue,
NW, Washington, DC 20580, (202) 3262252.
FOR FURTHER INFORMATION CONTACT:
Phyllis Marcus, (202) 326-2854, or
Mamie Kresses, (202) 326-2070,
Attorneys, Federal Trade Commission,
Division of Advertising Practices,
Federal Trade Commission,
Washington, D.C. 20580.
SUPPLEMENTARY INFORMATION:
VerDate Nov<24>2008
14:13 Apr 02, 2010
Jkt 220001
Section I. Background
The COPPA Rule, issued pursuant to
the Children’s Online Privacy Protection
Act, 15 U.S.C. § 6501, et seq., became
effective on April 21, 2000. The Rule
imposes certain requirements on
operators of websites or online services
directed to children under 13 years of
age, and on operators of other websites
or online services that have actual
knowledge that they are collecting
personal information online from a
child under 13 years of age (collectively,
‘‘operators’’).1 Among other things, the
Rule requires that operators provide
notice to parents and obtain verifiable
parental consent prior to collecting,
using, or disclosing personal
information from children under 13
years of age. The Rule also requires
operators to keep secure the information
they collect from children and prohibits
them from conditioning children’s
participation in activities on the
collection of more personal information
than is reasonably necessary to
participate in such activities. Further,
the Rule contains a ‘‘safe harbor’’
provision enabling industry groups or
others to submit to the Commission for
approval self-regulatory guidelines that
would implement the Rule’s
protections.2
Section II. Rule Review
COPPA and § 312.11 of the Rule
required the Commission to initiate a
review no later than five years after the
Rule’s effective date to evaluate the
Rule’s implementation. The
Commission commenced this
mandatory review on April 21, 2005.
After receiving and considering
extensive public comment on the Rule,
the Commission determined in March
2006 to retain the COPPA Rule without
change.3 However, the Commission
believes that changes to the online
environment over the past five years,
including but not limited to children’s
increasing use of mobile technology to
access the Internet, warrant reexamining
the Rule at this time.
In this notice, the Commission poses
its standard regulatory review questions
to determine whether the Rule should
be retained, eliminated, or modified. In
addition, the Commission identifies
several areas where public comment
would be especially useful. First, the
Commission asks whether the Rule’s
current definitions are sufficiently clear
and comprehensive, or whether they
might warrant modification or
1 16
CFR Part 312.
16 CFR Part 312.10; 64 FR at 59906-59908,
59915.
3 See 71 FR 13247 (Mar. 15, 2006).
2 See
PO 00000
Frm 00018
Fmt 4702
Sfmt 4702
17089
expansion, consistent with the COPPA
statute. Among other questions, the
Commission asks for comment on the
application of the definition of
‘‘Internet’’ to mobile communications,
interactive television, interactive
gaming, and similar activities. Further,
the Commission asks whether the Rule’s
definition of ‘‘personal information’’
should be expanded to include other
items of information that can be
collected from children online and are
not currently specified in the Rule, such
as persistent IP addresses, mobile
geolocation information, or information
collected in connection with online
behavioral advertising.
The Commission also seeks comment
on the use of automated systems for
reviewing children’s web submissions
(e.g., those that filter out any personally
identifiable information prior to
posting). In addition, the Commission
asks whether change is warranted as to
the Rule provisions on protecting the
confidentiality and security of personal
information, the right of parents to
review or delete personal information,
and the prohibition against conditioning
a child’s participation on the collection
of personal information. Finally, the
Commission seeks comment about its
role in administering the Rule’s safe
harbor provisions.
Section III. Questions Regarding the
COPPA Rule
The Commission invites members of
the public to comment on any issues or
concerns they believe are relevant or
appropriate to the Commission’s review
of the COPPA Rule, and to submit
written data, views, facts, and
arguments addressing the Rule. All
comments should be filed as prescribed
in the Invitation To Comment part of the
‘‘SUPPLEMENTARY INFORMATION’’ section
below, and must be received by June 30,
2010. The Commission is particularly
interested in comments addressing the
following questions:
A. General Questions for Comment
1. Is there a continuing need for the
Rule as currently promulgated? Why or
why not?
a. Since the Rule was issued, have
changes in technology, industry, or
economic conditions affected the need
for or effectiveness of the Rule?
b. What are the aggregate costs and
benefits of the Rule?
c. Does the Rule include any
provisions not mandated by the Act that
are unnecessary or whose costs
outweigh their benefits? If so, which
ones and why?
E:\FR\FM\05APP1.SGM
05APP1
17090
Federal Register / Vol. 75, No. 64 / Monday, April 5, 2010 / Proposed Rules
srobinson on DSKHWCL6B1PROD with PROPOSALS
2. What effect, if any, has the Rule
had on children, parents, or other
consumers?
a. Has the Rule benefitted children,
parents, or other consumers? If so, how?
b. Has the Rule imposed any costs on
children, parents, or other consumers? If
so, what are these costs?
c. What changes, if any, should be
made to the Rule to increase its benefits,
consistent with the Act’s requirements?
What costs would these changes
impose?
3. What impact, if any, has the Rule
had on operators?
a. Has the Rule provided benefits to
operators? If so, what are these benefits?
b. Has the Rule imposed costs on
operators, including costs of compliance
in time or monetary expenditures? If so,
what are these costs?
c. What changes, if any, should be
made to the Rule to reduce the costs
imposed on operators, consistent with
the Act’s requirements? How would
these changes affect the Rule’s benefits?
4. How many small businesses are
subject to the Rule? What costs (types
and amounts) do small businesses incur
in complying with the Rule? How has
the Rule otherwise affected operators
that are small businesses? Have the
costs or benefits of the Rule changed
over time with respect to small
businesses? What regulatory
alternatives, if any, would decrease the
Rule’s burden on small businesses,
consistent with the Act’s requirements?
5. Does the Rule overlap or conflict
with any other federal, state, or local
government laws or regulations? How
should these overlaps or conflicts be
resolved, consistent with the Act’s
requirements?
a. Are there any unnecessary
regulatory burdens created by
overlapping jurisdiction? If so, what can
be done to ease the burdens, consistent
with the Act’s requirements?
b. Are there any gaps where no
federal, state, or local government law
or regulation has addressed a
problematic practice relating to
children’s online privacy? Could or
should any such gaps be remedied by a
modification to the Rule?
B. Definitions
6. Do the definitions set forth in
§ 312.2 of the Rule accomplish COPPA’s
goal of protecting children’s online
privacy and safety?
7. Are the definitions in § 312.2 clear
and appropriate? If not, how can they be
improved, consistent with the Act’s
requirements?
8. Should the definitions of ‘‘collects
or collection’’ and/or ‘‘disclosure’’ be
modified in any way to take into
VerDate Nov<24>2008
14:13 Apr 02, 2010
Jkt 220001
account online technologies and/or
Internet activities and features that have
emerged since the Rule was enacted or
that may emerge in the future? For
instance, how will the use of centralized
authentication methods (e.g., OpenId)
affect individual websites’ COPPA
compliance efforts?
9. The Rule considers personal
information to have been ‘‘collected’’
where an operator enables children to
make personal information publicly
available through a chat room, message
board, or other means, except where the
operator ‘‘deletes’’ all individually
identifiable information from postings
by children before they are made public
and deletes such information from the
operator’s records.
a. Are there circumstances in which
an operator using an automated system
of review and/or posting meets the
deletion exception to the definition of
collection?
b. Does the Rule’s current definition
of ‘‘delete’’ provide sufficient guidance
to operators about how to handle the
removal of personal information?
10. Should the definition of
‘‘collection’’ be modified or clarified to
include other means of collection of
personal information from children that
are not specifically enumerated in the
Rule’s current definition?
11. What are the implications for
COPPA enforcement raised by
technologies such as mobile
communications, interactive television,
interactive gaming, or other similar
interactive media, consistent with the
Act’s definition of ‘‘Internet’’?
12. The Rule defines ‘‘personal
information’’ as individually identifiable
information about an individual
collected online, and enumerates such
items of information. Do the items
currently enumerated as ‘‘personal
information’’ need to be clarified or
modified in any way, consistent with
the Act?
13. Section 1302(8)(F) of the Act
provides the Commission with
discretion to include in the definition of
‘‘personal information’’ any identifier
that it determines would permit the
physical or online contacting of a
specific individual.
a. Do operators, including network
advertising companies, have the ability
to contact a specific individual, either
physically or online, using one or more
pieces of information collected from
children online, such as user or screen
names and/or passwords, zip code, date
of birth, gender, persistent IP addresses,
mobile geolocation information,
information collected in connection
with online behavioral advertising, or
other emerging categories of
PO 00000
Frm 00019
Fmt 4702
Sfmt 4702
information? Are operators using such
information to contact specific
individuals?
b. Should the definition of ‘‘personal
information’’ in the Rule be expanded to
include any such information?
14. Are providers of downloadable
software collecting information from
children that permits the physical or
online contacting of a specific
individual?
15. Should the Rule define ‘‘the
physical or online contacting of a
specific individual,’’ ‘‘website,’’ ‘‘online
service,’’ or any other term not currently
defined? If so, how should such terms
be defined, consistent with the Act’s
requirements?
C. Notice
16. Section 312.4 of the Rule sets out
the requirements for the content and
delivery of operators’ notices of their
information practices with regard to
children.
a. Are the requirements in this Part
clear and appropriate? If not, how can
they be improved?
b. Should the notice requirements be
clarified or modified in any way to
reflect changes in the types or uses of
children’s information collected by
operators or changes in communications
options available between operators and
parents?
D. Parental Consent
17. Section 312.5 of the Rule requires
operators to obtain verifiable parental
consent before collecting, using, and/or
disclosing personal information from
children, including consent to any
material change to practices to which
the parent previously consented. This
Part further requires operators to make
reasonable efforts to obtain this consent,
which efforts are reasonably calculated
to ensure that the person providing
consent is the child’s parent, taking into
consideration available technology.
a. Has the consent requirement been
effective in protecting children’s online
privacy and safety?
b. What data exists on: (1) operators’
use of parental consent mechanisms; (2)
parents’ awareness of the Rule’s
parental consent requirements; or (3)
parents’ response to operators’ parental
consent requests?
18. Section 312.5(b)(2) of the Rule
provides a non-exhaustive list of
approved methods to obtain verifiable
parental consent, including: providing a
consent form to be signed by the parent
and returned to the operator; requiring
a parent to use a credit card in
connection with a transaction; having a
parent call a toll-free number staffed by
trained personnel; using a digital
E:\FR\FM\05APP1.SGM
05APP1
srobinson on DSKHWCL6B1PROD with PROPOSALS
Federal Register / Vol. 75, No. 64 / Monday, April 5, 2010 / Proposed Rules
certificate that uses public key
technology; and using email
accompanied by a PIN/password
obtained through one of the other
enumerated verification methods.
a. To what extent are operators using
each of the enumerated methods? Please
provide as much specific data as
possible, including the costs and
benefits associated with each method
described.
b. Are there additional methods to
obtain verifiable parental consent, based
on current or emerging technological
changes, that should be added to § 312.5
of the Rule? What are the costs and
benefits of these additional methods?
c. Should any of the currently
enumerated methods to obtain verifiable
parental consent be removed from the
Rule? If so, please explain which one(s)
and why.
d. Are there methods for delivering a
signed consent form, other than postal
mail or facsimile, that would meet the
Rule’s standards for verifiable parental
consent? Should these be specified in
the Rule?
e. Are there current or emerging forms
of payment, other than the use of a
credit card in connection with a
transaction, that would meet the Rule’s
standards for verifiable parental
consent? Should these be specified in
the Rule?
f. The Rule permits use of a credit
card in connection with a transaction to
serve as a form of verifiable parental
consent. Is there data available on the
proliferation of credit cards, debit cards,
or gift cards among children under 13
years of age? What challenges, if any,
does children’s use of credit, debit, and/
or gift cards pose for Rule compliance
or enforcement?
g. Are there current or emerging forms
of oral communication, other than the
use of a toll-free telephone number
staffed by trained personnel, that would
meet the Rule’s standards for verifiable
parental consent? Should these be
specified in the Rule?
19. Section 312.5(b)(2) also sets forth
a mechanism that operators can use to
obtain verifiable parental consent for
uses of information other than
‘‘disclosures’’ (the ‘‘email plus
mechanism’’). The email plus
mechanism permits the use of an email
coupled with additional steps to
provide assurances that the person
providing consent is the parent,
including sending a confirmatory email
to the parent following receipt of
consent or obtaining a postal address or
telephone number from the parent and
confirming the parent’s consent by letter
or telephone call. In 2006, the
Commission announced that it would
VerDate Nov<24>2008
14:13 Apr 02, 2010
Jkt 220001
retain the email plus mechanism
indefinitely. See (https://www.ftc.gov/os/
fedreg/2006/march/060315childrensonline-privacy-rule.pdf).
a. Does the email plus mechanism
remain a viable form of verifiable
parental consent for operators’ internal
uses of information?
b. Are there other current or emerging
forms of communications, not
enumerated in § 312.5(b)(2), that would
meet the Rule’s standards for verifiable
parental consent for operators’ internal
uses of information? Are any changes or
modifications to this Part warranted?
E. Exceptions to Verifiable Parental
Consent
20. COPPA and § 312.5(c) of the Rule
set forth five exceptions to the prior
parental consent requirement. Are the
exceptions in § 312.5(c) clear? If not,
how can they be improved, consistent
with the Act’s requirements?
21. Section 312.5(c)(3) of the Rule
requires that operators who collect
children’s online contact information
for the sole purpose of communicating
directly with a child after the child has
specifically requested such
communication must provide parents
with notice and the opportunity to optout of the operator’s further use of the
information (the ‘‘multiple contact’’
exception).
a. To what extent are operators using
the multiple contact exception to
communicate or engage with children
on an ongoing basis? Are operators
relying on the multiple contact
exception to collect more than just
online contact information from
children?
b. Should the multiple contact
exception be clarified or modified in
any way, consistent with the Act’s
requirements, to take into account any
changes in the manner in which
operators communicate or engage with
children?
c. Under this Part, acceptable notice
mechanisms include sending the optout notice by postal mail or to the
parent’s email address. Should
§ 312.5(c)(3) be modified to remove
postal mail as a means of delivering an
opt-out notice to parents?
d. Should § 312.5(c)(3) be otherwise
clarified or modified in any way to
reflect current or emerging technological
changes that have or may expand
options for the online contacting of
children or options for communications
between operators and parents?
22. Section 312.5(c)(4) of the Rule
requires an operator who collects a
child’s name and online contact
information to the extent reasonably
necessary to protect the safety of a child
PO 00000
Frm 00020
Fmt 4702
Sfmt 4702
17091
participant in the website or online
service to use reasonable efforts to
provide a parent notice and the
opportunity to opt-out of the operator’s
use of such information. Such
information must only be used to
protect the child’s safety, cannot be
used to re-contact the child or any other
purpose, and may not be disclosed.
a. To what extent, and under what
circumstances, do operators use
§ 312.5(c)(4) to protect children’s safety?
b. Are the requirements of
§ 312.5(c)(4) clear and appropriate? If
not, how can they be improved,
consistent with the Act’s requirements?
23. Section 312.5(c)(5) of the Rule
permits operators to collect a child’s
name and online contact information to
protect the security or integrity of the
site, take precautions against liability,
respond to judicial process, or to
provide information to law enforcement
agencies or in connection with a public
safety investigation.
a. To what extent, and under what
circumstances, do operators use
§ 312.5(c)(5)?
b. Are the requirements of
§ 312.5(c)(5) clear and appropriate? If
not, how can they be improved,
consistent with the Act’s requirements?
For example, should § 312.5(c)(5) of the
Rule be clarified to allow operators to
collect and maintain a child’s name
and/or online contact information for
the purpose of preventing future
attempts at registration?
F. Right of a Parent to Review and/or
Have Personal Information Deleted
24. Section 312.6(a) of the Rule
requires operators to give parents, upon
their request: (1) a description of the
specific types of personal information
collected from children; (2) the
opportunity to refuse to permit the
further use or collection of personal
information from the child and to direct
the deletion of the information; and (3)
a means of reviewing any personal
information collected from the child. In
the case of a parent who wishes to
review the personal information
collected from the child, § 312.6(a)(3) of
the Rule requires operators to provide a
means of review that ensures that the
requestor is a parent of that child (taking
into account available technology) and
is not unduly burdensome to the parent.
a. To what extent are parents
exercising their rights under
§ 312.6(a)(1) to obtain from operators a
description of the specific types of
personal information collected from
children?
b. To what extent are parents
exercising their rights under
§ 312.6(a)(2) to refuse to permit the
E:\FR\FM\05APP1.SGM
05APP1
17092
Federal Register / Vol. 75, No. 64 / Monday, April 5, 2010 / Proposed Rules
further use or collection of personal
information from the child and to direct
the deletion of the information?
c. To what extent are parents
exercising their rights under § 312.(a)(3)
to review any personal information
collected from the child?
d. Do the costs and burdens to
operators or parents differ depending on
whether a parent seeks a description of
the information collected, access to the
child’s information, or to have the
child’s information deleted?
e. Is it difficult for operators to ensure,
taking into account available
technology, that a requester seeking to
review the personal information
collected from a child is a parent of that
child?
f. Should § 312.6(a)(3) enumerate the
methods an operator may use to ensure
that a requestor seeking to review the
personal information collected from a
child is a parent of that child? Should
these methods be consistent with the
verification methods enumerated
currently or in the future in § 312.5(b)(2)
of the Rule?
g. Are the requirements of § 312.6
clear and appropriate? If not, how can
they be improved, consistent with the
Act’s requirements?
G. Prohibition Against Conditioning a
Child’s Participation on Collection of
Personal Information
25. COPPA and § 312.7 of the Rule
prohibit operators from conditioning a
child’s participation in an activity on
disclosing more personal information
than is reasonably necessary to
participate in such activity.
a. Do operators take this requirement
into account when shaping their online
offerings to children?
b. Has the prohibition been effective
in protecting children’s online privacy
and safety?
c. Is § 312.7 of the Rule clear and
adequate? If not, how could it be
improved, consistent with the Act’s
requirements?
srobinson on DSKHWCL6B1PROD with PROPOSALS
H. Confidentiality, Security and
Integrity of Personal Information
26. Section 312.8 of the Rule requires
operators to establish and maintain
reasonable procedures to protect the
confidentiality, security, and integrity of
personal information collected from a
child.
a. Have operators implemented
sufficient safeguards to protect the
confidentiality, security, and integrity of
personal information collected from a
child?
b. Is § 312.8 of the Rule clear and
adequate? If not, how could it be
VerDate Nov<24>2008
14:13 Apr 02, 2010
Jkt 220001
improved, consistent with the Act’s
requirements?
I. Safe Harbors
27. Section 312.10 of the Rule
provides that an operator will be
deemed in compliance with the Rule’s
requirements if the operator complies
with Commission-approved selfregulatory guidelines (the ‘‘safe harbor’’
process).
a. Has the safe harbor process been
effective in enhancing compliance with
the Rule?
b. Should the criteria for Commission
approval of a safe harbor program be
modified in any way to strengthen the
standards currently enumerated in
§ 312.10(b)?
c. Should § 312.10 be modified to
include a requirement that approved
safe harbor programs undergo periodic
reassessment by the Commission? If so,
how often should such assessments be
required?
d. Should § 312.10(b)(4) of the Rule,
regarding the Commission’s discretion
to initiate an investigation or bring an
enforcement action against an operator
participating in a safe harbor program,
be clarified or modified in any way?
e. Should any other changes be made
to the criteria for approval of selfregulatory guidelines, or to the safe
harbor process, consistent with the Act’s
requirements?
J. Statutory Requirements
28. Does the commenter propose any
modifications to the Rule that may
conflict with the statutory provisions of
the COPPA Act? For any such proposed
modification, does the commenter
propose seeking legislative changes to
the Act?
Section IV. Invitation to Comment
All persons are hereby given notice of
the opportunity to submit written data,
views, facts, and arguments pertinent to
this rule review. Written comments
must be received on or before June 30,
2010, and may be submitted
electronically or in paper form.
Comments should refer to ‘‘COPPA Rule
Review, P104503’’ to facilitate the
organization of comments. Please note
that your comment – including your
name and your state – will be placed on
the public record of this proceeding,
including on the publicly accessible
FTC website, at (https://www.ftc.gov/os/
publiccomments.shtm).
Because comments will be made
public, they should not include any
sensitive personal information, such as
any individual’s Social Security
number; date of birth; driver’s license
number or other state identification
PO 00000
Frm 00021
Fmt 4702
Sfmt 4702
number, or foreign country equivalent;
passport number; financial account
number; or credit or debit card number.
Comments also should not include any
sensitive health information, such as
medical records or other individually
identifiable health information. In
addition, comments should not include
any ‘‘[t]rade secret or any commercial or
financial information which is obtained
from any person and which is privileged
or confidential. . . ,’’ as provided in
Section 6(f) of the Federal Trade
Commission Act (‘‘FTC Act’’), 15 U.S.C.
46(f), and FTC Rule 4.10(a)(2), 16 CFR
4.10(a)(2). Comments containing
material for which confidential
treatment is requested must be filed in
paper form, must be clearly labeled
‘‘Confidential,’’ and must comply with
FTC Rule 4.9(c), 16 CFR 4.9(c).4
Because paper mail addressed to the
FTC is subject to delay due to
heightened security screening, please
consider submitting your comments in
electronic form. Comments filed in
electronic form should be submitted by
using the following weblink: (https://
public.commentworks.com/ftc/
2010copparulereview) (and following
the instructions on the web-based form).
To ensure that the Commission
considers an electronic comment, you
must file it at (https://
public.commentworks.com/ftc/
2010copparulereview). If this document
appears at (https://www.regulations.gov/
search/Regs/home.html#home), you
may also file an electronic comment
through that website. The Commission
will consider all comments that
regulations.gov forwards to it. You may
also visit the FTC website at (https://
www.ftc.gov) to read the document and
the news release describing it.
A comment filed in paper form
should include the ‘‘COPPA Rule
Review, P104503’’ reference both in the
text and on the envelope, and should be
mailed or delivered to the following
address: Federal Trade Commission,
Office of the Secretary, Room H-135
(Annex E), 600 Pennsylvania Avenue,
NW, Washington, DC 20580. The FTC is
requesting that any comment filed in
paper form be sent by courier or
overnight service, if possible, because
U.S. postal mail in the Washington area
and at the Commission is subject to
4 The comment must be accompanied by an
explicit request for confidential treatment,
including the factual and legal basis for the request,
and must identify the specific portions of the
comment to be withheld from the public record.
The request will be granted or denied by the
Commission’s General Counsel, consistent with
applicable law and the public interest. See FTC
Rule 4.9(c), 16 C.F.R. 4.9(c).
E:\FR\FM\05APP1.SGM
05APP1
Federal Register / Vol. 75, No. 64 / Monday, April 5, 2010 / Proposed Rules
delay due to heightened security
precautions.
The FTC Act and other laws the
Commission administers permit the
collection of public comments to
consider and use in this proceeding as
appropriate. The Commission will
consider all timely and responsive
public comments that it receives,
whether filed in paper or electronic
form. Comments received will be
available to the public on the FTC
website, to the extent practicable, at
(https://www.ftc.gov/os/
publiccomments.shtm). As a matter of
discretion, the Commission makes every
effort to remove home contact
information for individuals from the
public comments it receives before
placing those comments on the FTC
website. More information, including
routine uses permitted by the Privacy
Act may be found in the FTC’s privacy
policy, at (https://www.ftc.gov/ftc/
privacy.shtm).
Section V. Communications by Outside
Parties to Commissioners or Their
Advisors
Written communications and
summaries of transcripts of oral
communications respecting the merits
of this proceeding from any outside
party to any Commissioner or
Commissioner’s advisor will be placed
on the public record.5
List of Subjects in 16 CFR Part 312
Children, Communications, Consumer
protection, Electronic mail, E-mail,
Internet, Online service, Privacy, Record
retention, Safety, Science and
technology, Trade practices, Website,
Youth.
Authority: 15 U.S.C. §§ 6501-6508.
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2010–7549 Filed 4–2–10; 10:31 am]
srobinson on DSKHWCL6B1PROD with PROPOSALS
BILLING CODE 6750–01–S
5 See
16 CFR Part 1.26(b)(5).
VerDate Nov<24>2008
14:13 Apr 02, 2010
Jkt 220001
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
21 CFR Parts 882 and 890
[Docket No. FDA–2009–N–0493]
RIN 0910–ZA37
Neurological and Physical Medicine
Devices; Designation of Special
Controls for Certain Class II Devices
and Exemption From Premarket
Notification
AGENCY:
Food and Drug Administration,
HHS.
ACTION:
Proposed rule.
SUMMARY: The Food and Drug
Administration (FDA) is proposing to
amend certain neurological device and
physical medicine device regulations to
establish special controls for these class
II devices and to exempt some of these
devices from the premarket notification
requirements of the Federal Food, Drug,
and Cosmetic Act. Elsewhere in this
issue of the Federal Register, FDA is
publishing a notice of availability of
draft guidance documents that would
serve as special controls for each of
these devices if the rule is finalized.
DATES: Submit written or electronic
comments by July 6, 2010. See section
III of this document for the proposed
effective date of a final rule based on
this proposed rule.
ADDRESSES: You may submit comments,
identified by Docket No. FDA–2009–N–
0493 and/or RIN number 0910–ZA37,
by any of the following methods:
Electronic Submissions
Submit electronic comments in the
following way:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
Written Submissions
Submit written submissions in the
following ways:
• FAX: 301–827–6870.
• Mail/Hand delivery/Courier [for
paper, disk, or CD–ROM submissions]:
Division of Dockets Management (HFA–
305), Food and Drug Administration,
5630 Fishers Lane, rm. 1061, Rockville,
MD 20852.
Instructions: All submissions must
include the agency name and docket
number and Regulatory Information
Number (RIN) (if a RIN number has been
assigned) for this rulemaking. All
comments will be posted without
change to https://www.regulations.gov,
including any personal information
provided. For additional information on
submitting comments, see the
PO 00000
Frm 00022
Fmt 4702
Sfmt 4702
17093
‘‘Comments’’ heading of the
SUPPLEMENTARY INFORMATION section of
this document.
Docket: For access to the docket to
read background documents or
comments received, go to https://
www.regulations.gov and insert the
docket number, found in brackets in the
heading of this document, into the
‘‘Search’’ box and follow the prompts
and/or go to the Division of Dockets
Management, 5630 Fishers Lane, rm.
1061, Rockville, MD 20852.
FOR FURTHER INFORMATION CONTACT:
Robert J. DeLuca, Center for Devices and
Radiological Health, Food and Drug
Administration, 10903 New Hampshire
Ave., Bldg. 66, rm. G214, Silver Spring,
MD 20993–0002, e-mail:
Robert.DeLuca@fda.hhs.gov, 301–796–
6630.
SUPPLEMENTARY INFORMATION:
I. Regulatory Authority
The Federal Food, Drug, and Cosmetic
Act (the act) (21 U.S.C. 301 et seq.), as
amended by the Medical Device
Amendments of 1976 (the 1976
amendments) (Public Law 94–295), the
Safe Medical Device Amendments
(SMDA) (Public Law 101–629), and the
Food and Drug Administration
Modernization Act (FDAMA) (Public
Law 105–115) established a
comprehensive system for the regulation
of medical devices intended for human
use. Section 513 of the act (21 U.S.C.
360c) established three categories
(classes) of devices, depending on the
regulatory controls needed to provide
reasonable assurance of their safety and
effectiveness. The three categories of
devices are class I (general controls),
class II (special controls), and class III
(premarket approval).
Most generic types of devices that
were on the market before the date of
the 1976 amendments (May 28, 1976)
(generally referred to as preamendments
devices) have been classified by FDA
under the procedures set forth in section
513(c) and (d) of the act through the
issuance of classification regulations
into one of these three regulatory
classes. Devices introduced into
interstate commerce for the first time on
or after May 28, 1976 (generally referred
to as postamendments devices) are
classified automatically by statute
(section 513(f) of the act) into class III
without any FDA rulemaking process.
These devices remain in class III and
require premarket approval, unless FDA
initiates the following procedures: (1)
FDA reclassifies the device into class I
or II; (2) FDA issues an order classifying
the device into class I or II in
accordance with section 513(f)(2) of the
E:\FR\FM\05APP1.SGM
05APP1
]]>Agencies
[Federal Register Volume 75, Number 64 (Monday, April 5, 2010)]
[Proposed Rules]
[Pages 17089-17093]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-7549]
=======================================================================
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
16 CFR Part 312
Request for Public Comment on the Federal Trade Commission's
Implementation of the Children's Online Privacy Protection Rule
AGENCY: Federal Trade Commission.
ACTION: Request for public comment.
-----------------------------------------------------------------------
SUMMARY: The Federal Trade Commission (``FTC'' or ``Commission'')
requests public comment on its implementation of the Children's Online
Privacy Protection Act (``COPPA'' or ``the Act''), through the
Children's Online Privacy Protection Rule (``COPPA Rule'' or ``the
Rule''),. The Commission requests comment on the costs and benefits of
the Rule, as well as on whether it, or certain sections, should be
retained, eliminated, or modified. All interested persons are hereby
given notice of the opportunity to submit written data, views, and
arguments concerning the Rule.
DATES: Written comments must be received by June 30, 2010.
ADDRESSES: Interested parties are invited to submit written comments
electronically or in paper form, by following the instructions in the
Invitation To Comment part of the ``SUPPLEMENTARY INFORMATION'' section
below. Comments in electronic form should be submitted by using the
following weblink: (https://public.commentworks.com/ftc/2010copparulereview) (and following the instructions on the web-based
form). Comments in paper form should be mailed or delivered to the
following address: Federal Trade Commission, Office of the Secretary,
Room H-135 (Annex E), 600 Pennsylvania Avenue, NW, Washington, DC
20580, (202) 326-2252.
FOR FURTHER INFORMATION CONTACT: Phyllis Marcus, (202) 326-2854, or
Mamie Kresses, (202) 326-2070, Attorneys, Federal Trade Commission,
Division of Advertising Practices, Federal Trade Commission,
Washington, D.C. 20580.
SUPPLEMENTARY INFORMATION:
Section I. Background
The COPPA Rule, issued pursuant to the Children's Online Privacy
Protection Act, 15 U.S.C. Sec. 6501, et seq., became effective on
April 21, 2000. The Rule imposes certain requirements on operators of
websites or online services directed to children under 13 years of age,
and on operators of other websites or online services that have actual
knowledge that they are collecting personal information online from a
child under 13 years of age (collectively, ``operators'').\1\ Among
other things, the Rule requires that operators provide notice to
parents and obtain verifiable parental consent prior to collecting,
using, or disclosing personal information from children under 13 years
of age. The Rule also requires operators to keep secure the information
they collect from children and prohibits them from conditioning
children's participation in activities on the collection of more
personal information than is reasonably necessary to participate in
such activities. Further, the Rule contains a ``safe harbor'' provision
enabling industry groups or others to submit to the Commission for
approval self-regulatory guidelines that would implement the Rule's
protections.\2\
---------------------------------------------------------------------------
\1\ 16 CFR Part 312.
\2\ See 16 CFR Part 312.10; 64 FR at 59906-59908, 59915.
---------------------------------------------------------------------------
Section II. Rule Review
COPPA and Sec. 312.11 of the Rule required the Commission to
initiate a review no later than five years after the Rule's effective
date to evaluate the Rule's implementation. The Commission commenced
this mandatory review on April 21, 2005. After receiving and
considering extensive public comment on the Rule, the Commission
determined in March 2006 to retain the COPPA Rule without change.\3\
However, the Commission believes that changes to the online environment
over the past five years, including but not limited to children's
increasing use of mobile technology to access the Internet, warrant
reexamining the Rule at this time.
---------------------------------------------------------------------------
\3\ See 71 FR 13247 (Mar. 15, 2006).
---------------------------------------------------------------------------
In this notice, the Commission poses its standard regulatory review
questions to determine whether the Rule should be retained, eliminated,
or modified. In addition, the Commission identifies several areas where
public comment would be especially useful. First, the Commission asks
whether the Rule's current definitions are sufficiently clear and
comprehensive, or whether they might warrant modification or expansion,
consistent with the COPPA statute. Among other questions, the
Commission asks for comment on the application of the definition of
``Internet'' to mobile communications, interactive television,
interactive gaming, and similar activities. Further, the Commission
asks whether the Rule's definition of ``personal information'' should
be expanded to include other items of information that can be collected
from children online and are not currently specified in the Rule, such
as persistent IP addresses, mobile geolocation information, or
information collected in connection with online behavioral advertising.
The Commission also seeks comment on the use of automated systems
for reviewing children's web submissions (e.g., those that filter out
any personally identifiable information prior to posting). In addition,
the Commission asks whether change is warranted as to the Rule
provisions on protecting the confidentiality and security of personal
information, the right of parents to review or delete personal
information, and the prohibition against conditioning a child's
participation on the collection of personal information. Finally, the
Commission seeks comment about its role in administering the Rule's
safe harbor provisions.
Section III. Questions Regarding the COPPA Rule
The Commission invites members of the public to comment on any
issues or concerns they believe are relevant or appropriate to the
Commission's review of the COPPA Rule, and to submit written data,
views, facts, and arguments addressing the Rule. All comments should be
filed as prescribed in the Invitation To Comment part of the
``SUPPLEMENTARY INFORMATION'' section below, and must be received by
June 30, 2010. The Commission is particularly interested in comments
addressing the following questions:
A. General Questions for Comment
1. Is there a continuing need for the Rule as currently
promulgated? Why or why not?
a. Since the Rule was issued, have changes in technology, industry,
or economic conditions affected the need for or effectiveness of the
Rule?
b. What are the aggregate costs and benefits of the Rule?
c. Does the Rule include any provisions not mandated by the Act
that are unnecessary or whose costs outweigh their benefits? If so,
which ones and why?
[[Page 17090]]
2. What effect, if any, has the Rule had on children, parents, or
other consumers?
a. Has the Rule benefitted children, parents, or other consumers?
If so, how?
b. Has the Rule imposed any costs on children, parents, or other
consumers? If so, what are these costs?
c. What changes, if any, should be made to the Rule to increase its
benefits, consistent with the Act's requirements? What costs would
these changes impose?
3. What impact, if any, has the Rule had on operators?
a. Has the Rule provided benefits to operators? If so, what are
these benefits?
b. Has the Rule imposed costs on operators, including costs of
compliance in time or monetary expenditures? If so, what are these
costs?
c. What changes, if any, should be made to the Rule to reduce the
costs imposed on operators, consistent with the Act's requirements? How
would these changes affect the Rule's benefits?
4. How many small businesses are subject to the Rule? What costs
(types and amounts) do small businesses incur in complying with the
Rule? How has the Rule otherwise affected operators that are small
businesses? Have the costs or benefits of the Rule changed over time
with respect to small businesses? What regulatory alternatives, if any,
would decrease the Rule's burden on small businesses, consistent with
the Act's requirements?
5. Does the Rule overlap or conflict with any other federal, state,
or local government laws or regulations? How should these overlaps or
conflicts be resolved, consistent with the Act's requirements?
a. Are there any unnecessary regulatory burdens created by
overlapping jurisdiction? If so, what can be done to ease the burdens,
consistent with the Act's requirements?
b. Are there any gaps where no federal, state, or local government
law or regulation has addressed a problematic practice relating to
children's online privacy? Could or should any such gaps be remedied by
a modification to the Rule?
B. Definitions
6. Do the definitions set forth in Sec. 312.2 of the Rule
accomplish COPPA's goal of protecting children's online privacy and
safety?
7. Are the definitions in Sec. 312.2 clear and appropriate? If
not, how can they be improved, consistent with the Act's requirements?
8. Should the definitions of ``collects or collection'' and/or
``disclosure'' be modified in any way to take into account online
technologies and/or Internet activities and features that have emerged
since the Rule was enacted or that may emerge in the future? For
instance, how will the use of centralized authentication methods (e.g.,
OpenId) affect individual websites' COPPA compliance efforts?
9. The Rule considers personal information to have been
``collected'' where an operator enables children to make personal
information publicly available through a chat room, message board, or
other means, except where the operator ``deletes'' all individually
identifiable information from postings by children before they are made
public and deletes such information from the operator's records.
a. Are there circumstances in which an operator using an automated
system of review and/or posting meets the deletion exception to the
definition of collection?
b. Does the Rule's current definition of ``delete'' provide
sufficient guidance to operators about how to handle the removal of
personal information?
10. Should the definition of ``collection'' be modified or
clarified to include other means of collection of personal information
from children that are not specifically enumerated in the Rule's
current definition?
11. What are the implications for COPPA enforcement raised by
technologies such as mobile communications, interactive television,
interactive gaming, or other similar interactive media, consistent with
the Act's definition of ``Internet''?
12. The Rule defines ``personal information'' as individually
identifiable information about an individual collected online, and
enumerates such items of information. Do the items currently enumerated
as ``personal information'' need to be clarified or modified in any
way, consistent with the Act?
13. Section 1302(8)(F) of the Act provides the Commission with
discretion to include in the definition of ``personal information'' any
identifier that it determines would permit the physical or online
contacting of a specific individual.
a. Do operators, including network advertising companies, have the
ability to contact a specific individual, either physically or online,
using one or more pieces of information collected from children online,
such as user or screen names and/or passwords, zip code, date of birth,
gender, persistent IP addresses, mobile geolocation information,
information collected in connection with online behavioral advertising,
or other emerging categories of information? Are operators using such
information to contact specific individuals?
b. Should the definition of ``personal information'' in the Rule be
expanded to include any such information?
14. Are providers of downloadable software collecting information
from children that permits the physical or online contacting of a
specific individual?
15. Should the Rule define ``the physical or online contacting of a
specific individual,'' ``website,'' ``online service,'' or any other
term not currently defined? If so, how should such terms be defined,
consistent with the Act's requirements?
C. Notice
16. Section 312.4 of the Rule sets out the requirements for the
content and delivery of operators' notices of their information
practices with regard to children.
a. Are the requirements in this Part clear and appropriate? If not,
how can they be improved?
b. Should the notice requirements be clarified or modified in any
way to reflect changes in the types or uses of children's information
collected by operators or changes in communications options available
between operators and parents?
D. Parental Consent
17. Section 312.5 of the Rule requires operators to obtain
verifiable parental consent before collecting, using, and/or disclosing
personal information from children, including consent to any material
change to practices to which the parent previously consented. This Part
further requires operators to make reasonable efforts to obtain this
consent, which efforts are reasonably calculated to ensure that the
person providing consent is the child's parent, taking into
consideration available technology.
a. Has the consent requirement been effective in protecting
children's online privacy and safety?
b. What data exists on: (1) operators' use of parental consent
mechanisms; (2) parents' awareness of the Rule's parental consent
requirements; or (3) parents' response to operators' parental consent
requests?
18. Section 312.5(b)(2) of the Rule provides a non-exhaustive list
of approved methods to obtain verifiable parental consent, including:
providing a consent form to be signed by the parent and returned to the
operator; requiring a parent to use a credit card in connection with a
transaction; having a parent call a toll-free number staffed by trained
personnel; using a digital
[[Page 17091]]
certificate that uses public key technology; and using email
accompanied by a PIN/password obtained through one of the other
enumerated verification methods.
a. To what extent are operators using each of the enumerated
methods? Please provide as much specific data as possible, including
the costs and benefits associated with each method described.
b. Are there additional methods to obtain verifiable parental
consent, based on current or emerging technological changes, that
should be added to Sec. 312.5 of the Rule? What are the costs and
benefits of these additional methods?
c. Should any of the currently enumerated methods to obtain
verifiable parental consent be removed from the Rule? If so, please
explain which one(s) and why.
d. Are there methods for delivering a signed consent form, other
than postal mail or facsimile, that would meet the Rule's standards for
verifiable parental consent? Should these be specified in the Rule?
e. Are there current or emerging forms of payment, other than the
use of a credit card in connection with a transaction, that would meet
the Rule's standards for verifiable parental consent? Should these be
specified in the Rule?
f. The Rule permits use of a credit card in connection with a
transaction to serve as a form of verifiable parental consent. Is there
data available on the proliferation of credit cards, debit cards, or
gift cards among children under 13 years of age? What challenges, if
any, does children's use of credit, debit, and/or gift cards pose for
Rule compliance or enforcement?
g. Are there current or emerging forms of oral communication, other
than the use of a toll-free telephone number staffed by trained
personnel, that would meet the Rule's standards for verifiable parental
consent? Should these be specified in the Rule?
19. Section 312.5(b)(2) also sets forth a mechanism that operators
can use to obtain verifiable parental consent for uses of information
other than ``disclosures'' (the ``email plus mechanism''). The email
plus mechanism permits the use of an email coupled with additional
steps to provide assurances that the person providing consent is the
parent, including sending a confirmatory email to the parent following
receipt of consent or obtaining a postal address or telephone number
from the parent and confirming the parent's consent by letter or
telephone call. In 2006, the Commission announced that it would retain
the email plus mechanism indefinitely. See (https://www.ftc.gov/os/fedreg/2006/march/060315childrens-online-privacy-rule.pdf).
a. Does the email plus mechanism remain a viable form of verifiable
parental consent for operators' internal uses of information?
b. Are there other current or emerging forms of communications, not
enumerated in Sec. 312.5(b)(2), that would meet the Rule's standards
for verifiable parental consent for operators' internal uses of
information? Are any changes or modifications to this Part warranted?
E. Exceptions to Verifiable Parental Consent
20. COPPA and Sec. 312.5(c) of the Rule set forth five exceptions
to the prior parental consent requirement. Are the exceptions in Sec.
312.5(c) clear? If not, how can they be improved, consistent with the
Act's requirements?
21. Section 312.5(c)(3) of the Rule requires that operators who
collect children's online contact information for the sole purpose of
communicating directly with a child after the child has specifically
requested such communication must provide parents with notice and the
opportunity to opt-out of the operator's further use of the information
(the ``multiple contact'' exception).
a. To what extent are operators using the multiple contact
exception to communicate or engage with children on an ongoing basis?
Are operators relying on the multiple contact exception to collect more
than just online contact information from children?
b. Should the multiple contact exception be clarified or modified
in any way, consistent with the Act's requirements, to take into
account any changes in the manner in which operators communicate or
engage with children?
c. Under this Part, acceptable notice mechanisms include sending
the opt-out notice by postal mail or to the parent's email address.
Should Sec. 312.5(c)(3) be modified to remove postal mail as a means
of delivering an opt-out notice to parents?
d. Should Sec. 312.5(c)(3) be otherwise clarified or modified in
any way to reflect current or emerging technological changes that have
or may expand options for the online contacting of children or options
for communications between operators and parents?
22. Section 312.5(c)(4) of the Rule requires an operator who
collects a child's name and online contact information to the extent
reasonably necessary to protect the safety of a child participant in
the website or online service to use reasonable efforts to provide a
parent notice and the opportunity to opt-out of the operator's use of
such information. Such information must only be used to protect the
child's safety, cannot be used to re-contact the child or any other
purpose, and may not be disclosed.
a. To what extent, and under what circumstances, do operators use
Sec. 312.5(c)(4) to protect children's safety?
b. Are the requirements of Sec. 312.5(c)(4) clear and appropriate?
If not, how can they be improved, consistent with the Act's
requirements?
23. Section 312.5(c)(5) of the Rule permits operators to collect a
child's name and online contact information to protect the security or
integrity of the site, take precautions against liability, respond to
judicial process, or to provide information to law enforcement agencies
or in connection with a public safety investigation.
a. To what extent, and under what circumstances, do operators use
Sec. 312.5(c)(5)?
b. Are the requirements of Sec. 312.5(c)(5) clear and appropriate?
If not, how can they be improved, consistent with the Act's
requirements? For example, should Sec. 312.5(c)(5) of the Rule be
clarified to allow operators to collect and maintain a child's name
and/or online contact information for the purpose of preventing future
attempts at registration?
F. Right of a Parent to Review and/or Have Personal Information Deleted
24. Section 312.6(a) of the Rule requires operators to give
parents, upon their request: (1) a description of the specific types of
personal information collected from children; (2) the opportunity to
refuse to permit the further use or collection of personal information
from the child and to direct the deletion of the information; and (3) a
means of reviewing any personal information collected from the child.
In the case of a parent who wishes to review the personal information
collected from the child, Sec. 312.6(a)(3) of the Rule requires
operators to provide a means of review that ensures that the requestor
is a parent of that child (taking into account available technology)
and is not unduly burdensome to the parent.
a. To what extent are parents exercising their rights under Sec.
312.6(a)(1) to obtain from operators a description of the specific
types of personal information collected from children?
b. To what extent are parents exercising their rights under Sec.
312.6(a)(2) to refuse to permit the
[[Page 17092]]
further use or collection of personal information from the child and to
direct the deletion of the information?
c. To what extent are parents exercising their rights under Sec.
312.(a)(3) to review any personal information collected from the child?
d. Do the costs and burdens to operators or parents differ
depending on whether a parent seeks a description of the information
collected, access to the child's information, or to have the child's
information deleted?
e. Is it difficult for operators to ensure, taking into account
available technology, that a requester seeking to review the personal
information collected from a child is a parent of that child?
f. Should Sec. 312.6(a)(3) enumerate the methods an operator may
use to ensure that a requestor seeking to review the personal
information collected from a child is a parent of that child? Should
these methods be consistent with the verification methods enumerated
currently or in the future in Sec. 312.5(b)(2) of the Rule?
g. Are the requirements of Sec. 312.6 clear and appropriate? If
not, how can they be improved, consistent with the Act's requirements?
G. Prohibition Against Conditioning a Child's Participation on
Collection of Personal Information
25. COPPA and Sec. 312.7 of the Rule prohibit operators from
conditioning a child's participation in an activity on disclosing more
personal information than is reasonably necessary to participate in
such activity.
a. Do operators take this requirement into account when shaping
their online offerings to children?
b. Has the prohibition been effective in protecting children's
online privacy and safety?
c. Is Sec. 312.7 of the Rule clear and adequate? If not, how could
it be improved, consistent with the Act's requirements?
H. Confidentiality, Security and Integrity of Personal Information
26. Section 312.8 of the Rule requires operators to establish and
maintain reasonable procedures to protect the confidentiality,
security, and integrity of personal information collected from a child.
a. Have operators implemented sufficient safeguards to protect the
confidentiality, security, and integrity of personal information
collected from a child?
b. Is Sec. 312.8 of the Rule clear and adequate? If not, how could
it be improved, consistent with the Act's requirements?
I. Safe Harbors
27. Section 312.10 of the Rule provides that an operator will be
deemed in compliance with the Rule's requirements if the operator
complies with Commission-approved self-regulatory guidelines (the
``safe harbor'' process).
a. Has the safe harbor process been effective in enhancing
compliance with the Rule?
b. Should the criteria for Commission approval of a safe harbor
program be modified in any way to strengthen the standards currently
enumerated in Sec. 312.10(b)?
c. Should Sec. 312.10 be modified to include a requirement that
approved safe harbor programs undergo periodic reassessment by the
Commission? If so, how often should such assessments be required?
d. Should Sec. 312.10(b)(4) of the Rule, regarding the
Commission's discretion to initiate an investigation or bring an
enforcement action against an operator participating in a safe harbor
program, be clarified or modified in any way?
e. Should any other changes be made to the criteria for approval of
self-regulatory guidelines, or to the safe harbor process, consistent
with the Act's requirements?
J. Statutory Requirements
28. Does the commenter propose any modifications to the Rule that
may conflict with the statutory provisions of the COPPA Act? For any
such proposed modification, does the commenter propose seeking
legislative changes to the Act?
Section IV. Invitation to Comment
All persons are hereby given notice of the opportunity to submit
written data, views, facts, and arguments pertinent to this rule
review. Written comments must be received on or before June 30, 2010,
and may be submitted electronically or in paper form. Comments should
refer to ``COPPA Rule Review, P104503'' to facilitate the organization
of comments. Please note that your comment - including your name and
your state - will be placed on the public record of this proceeding,
including on the publicly accessible FTC website, at (https://www.ftc.gov/os/publiccomments.shtm).
Because comments will be made public, they should not include any
sensitive personal information, such as any individual's Social
Security number; date of birth; driver's license number or other state
identification number, or foreign country equivalent; passport number;
financial account number; or credit or debit card number. Comments also
should not include any sensitive health information, such as medical
records or other individually identifiable health information. In
addition, comments should not include any ``[t]rade secret or any
commercial or financial information which is obtained from any person
and which is privileged or confidential. . . ,'' as provided in Section
6(f) of the Federal Trade Commission Act (``FTC Act''), 15 U.S.C.
46(f), and FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2). Comments containing
material for which confidential treatment is requested must be filed in
paper form, must be clearly labeled ``Confidential,'' and must comply
with FTC Rule 4.9(c), 16 CFR 4.9(c).\4\
---------------------------------------------------------------------------
\4\ The comment must be accompanied by an explicit request for
confidential treatment, including the factual and legal basis for
the request, and must identify the specific portions of the comment
to be withheld from the public record. The request will be granted
or denied by the Commission's General Counsel, consistent with
applicable law and the public interest. See FTC Rule 4.9(c), 16
C.F.R. 4.9(c).
---------------------------------------------------------------------------
Because paper mail addressed to the FTC is subject to delay due to
heightened security screening, please consider submitting your comments
in electronic form. Comments filed in electronic form should be
submitted by using the following weblink: (https://public.commentworks.com/ftc/2010copparulereview) (and following the
instructions on the web-based form). To ensure that the Commission
considers an electronic comment, you must file it at (https://public.commentworks.com/ftc/2010copparulereview). If this document
appears at (https://www.regulations.gov/search/Regs/home.html#home), you
may also file an electronic comment through that website. The
Commission will consider all comments that regulations.gov forwards to
it. You may also visit the FTC website at (https://www.ftc.gov) to read
the document and the news release describing it.
A comment filed in paper form should include the ``COPPA Rule
Review, P104503'' reference both in the text and on the envelope, and
should be mailed or delivered to the following address: Federal Trade
Commission, Office of the Secretary, Room H-135 (Annex E), 600
Pennsylvania Avenue, NW, Washington, DC 20580. The FTC is requesting
that any comment filed in paper form be sent by courier or overnight
service, if possible, because U.S. postal mail in the Washington area
and at the Commission is subject to
[[Page 17093]]
delay due to heightened security precautions.
The FTC Act and other laws the Commission administers permit the
collection of public comments to consider and use in this proceeding as
appropriate. The Commission will consider all timely and responsive
public comments that it receives, whether filed in paper or electronic
form. Comments received will be available to the public on the FTC
website, to the extent practicable, at (https://www.ftc.gov/os/publiccomments.shtm). As a matter of discretion, the Commission makes
every effort to remove home contact information for individuals from
the public comments it receives before placing those comments on the
FTC website. More information, including routine uses permitted by the
Privacy Act may be found in the FTC's privacy policy, at (https://www.ftc.gov/ftc/privacy.shtm).
Section V. Communications by Outside Parties to Commissioners or Their
Advisors
Written communications and summaries of transcripts of oral
communications respecting the merits of this proceeding from any
outside party to any Commissioner or Commissioner's advisor will be
placed on the public record.\5\
---------------------------------------------------------------------------
\5\ See 16 CFR Part 1.26(b)(5).
---------------------------------------------------------------------------
List of Subjects in 16 CFR Part 312
Children, Communications, Consumer protection, Electronic mail, E-
mail, Internet, Online service, Privacy, Record retention, Safety,
Science and technology, Trade practices, Website, Youth.
Authority: 15 U.S.C. Sec. Sec. 6501-6508.
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2010-7549 Filed 4-2-10; 10:31 am]
BILLING CODE 6750-01-S
