/cdn.vox-cdn.com/uploads/chorus_asset/file/25835547/spacex_debris.jpg "SpaceX’s fiery Starship explosion put on a fantastic show but delayed and diverted flights")
.png "FTC tightens rules on children’s online privacy with new opt-in requirements")
The Federal Trade Commission (FTC) has finalised significant updates to its children’s privacy regulations, requiring companies to obtain explicit parental consent before using children’s data for targeted advertising and limiting how long businesses can retain young users’ personal information.
The changes to the Children’s Online Privacy Protection Rule, announced on 16 January 2025, mark the first major update since 2013 and received unanimous approval from the commission in a 5-0 vote.
“The updated COPPA rule strengthens key protections for kids’ privacy online,” said FTC chair Lina M. Khan. “By requiring parents to opt in to targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetising children’s data without active permission.”
Under the new rules, websites and online services must obtain separate verifiable parental consent before sharing children’s personal information with third parties. Companies are also prohibited from retaining children’s data indefinitely, instead being required to keep information only for as long as necessary to fulfil specific documented purposes.
Senator Edward Markey, who authored the original Children’s Online Privacy Protection Act in 1998, welcomed the changes. “I applaud the Federal Trade Commission for its bipartisan action to update the COPPA Rule, helping it keep pace with the ever-evolving digital landscape,” he said. However, he emphasised that further action was needed, calling for Congress to pass additional legislation to “extend these protections to teenagers, block targeted advertising to kids and teens, and give young people an eraser button to delete their personal information.”
The definition of personal information has been expanded to include biometric identifiers such as fingerprints, retina patterns, and facial templates. The commission also strengthened transparency requirements for self-regulatory “Safe Harbor” programmes, which must now publicly disclose their membership lists.
However, the FTC dropped several proposed changes from its January 2024 draft, including restrictions on push notifications and new requirements for educational technology companies. The commission indicated it wanted to avoid potential conflicts with upcoming Department of Education privacy regulations.
Incoming FTC chair Andrew Ferguson, while voting to approve the rules, criticised the timing of their release. “No one should have any doubt that these issues are the result of the outgoing administration’s frantic rush to finalise rules on their way out the door,” he said in a statement.
The new regulations will take effect 60 days after publication in the Federal Register, with covered entities given one year to achieve full compliance with most requirements.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25835669/att_air.jpg "AT&T pulls its 5G internet service in NY over new affordable internet law")
/cdn.vox-cdn.com/uploads/chorus_asset/file/25835602/Switch_DonkeyKongCountryReturnsHD_scrn_19.png "Nintendo omits original Donkey Kong Country Returns team from the remaster’s credits")
