Senator Mark Pryor (D-AR) is circulating some basic parameters from which to work on minors' privacy. As Chairman of the Senate Commerce Committee's Subcommittee on Consumer Protection, the Senator has a keen interest in data privacy and data security, and protecting minors plays a major role in his work.
MRA has met with his staff and will continue to work with them on these issues.
Here are the key points raised in Senator Pryor's paper of interest to the survey, opinion and marketing research profession. It is important to consider them carefully, since he may seek to turn these parameters into some form of legislation in the near future.
- Direct the FTC to promulgate a rule that would require entities that operate sites or applications that publically host user generated content and have access to a user’s personal information to provide the technical capability to accommodate and make every reasonable effort to comply with a request from a content originator who is under the age of 18 to delete an account or account related data that is under the sole purview of the content originator. This should exclude such things as message board postings.
- Require any entity that publicly hosts accounts with user generated content to clearly and conspicuously provide an easily accessible community reporting and policing option.
- Require default privacy settings to be set on the most limited option offered by the entity.
- Amend the definition of personal information to give FTC authority to include criteria that may be deemed necessary to better protect children and teens.
- Require any company that collects or monitors data to provide clear and conspicuous disclosure of the extent, nature, and specific purpose of data collection and surveillance practices, including specific disclosure of the extent, nature, and specific purpose of data used by third-party entities. All third parties with access to collected data will be subject to the same regulations as the first party that collected data.
- Require an opt-out option for first-party collected data and targeted marketing to users 13-17; opt-in for third-party use of data, including targeted marketing to 18 and under on mobile platforms. Companies should be encouraged to make every effort to make collected data anonymous and collection should be limited only to what is necessary to provide a requested service or transaction.
- Provide FTC safe-harbor for entities that utilize FTC guidelines for user friendly privacy policies. Encourage entities to utilize layered privacy policies to retain limitations on liability, but also provide simpler privacy policies that consumers will actually read across all platforms.
- Update COPPA to apply to mobile platforms and applications.
- FTC should initiate a review of COPPA at least every three years, not 10.
- Include preemption, but allow for enforcement by State Attorneys General.