Publishings

FOR IMMEDIATE RELEASE Dec. 6, 2012 New Survey Reveals Strong Support for Updating Children’s Online Privacy Protection Act Majority express concerns about new marketing and data-collection practices such as behavioral profiling and mobile tracking WASHINGTON, DC and SAN FRANCISCO – Two leading nonprofit groups, the Center for Digital Democracy and Common Sense Media, today released the results of a new survey on public attitudes about children’s online privacy. The study — conducted over a two-week period in November by Princeton Research Associates International (PSRAI) — polled more than 2,000 adults and found overwhelming support for the Children’s Online Privacy Protection Act (COPPA), the law that requires parental consent before websites can collect personal information from children under the age of 13. The findings revealed strong support not only for the basic principles of the law, but also for several key proposed changes in the rules that would address a range of online business practices — including mobile marketing and behavioral profiling — that have emerged since the COPPA took effect more than a decade ago. The Federal Trade Commission is expected to announce a number of updates to the COPPA regulations in the coming weeks. The majority of respondents in the survey (90%) expressed support for COPPA’s basic requirement that online companies seeking to collect personal information from young children must first obtain permission from parents. In addition, the survey found significantly high levels of support for safeguards to protect children from many of the data collection and marketing practices that are frequently used to target them in today’s digital media environment. Respondents expressed disapproval of a number of techniques increasingly employed by many child-directed websites — 80% of adults were opposed to allowing advertisers to collect and use information about a child’s activities online, even in cases where advertisers do not know the actual name and address of a child. The survey also found that both parents and nonparents largely agree on many points: 91% of both parents and adults believe it is not okay for advertisers to collect information about a child’s location from that child’s mobile phone. 94% of parents and 91% of adults agree that advertisers should receive the parent’s permission before putting tracking software on a child’s computer.96% of parents and 94% of adults expressed disapproval when asked if it is “okay OK for a website to ask children for personal information about their friends.” 91% of parents said they strongly disagree with the idea, as did 86% of adults. Congress passed COPPA in 1998 with bipartisan support. The law established a set of safeguards for website operators targeting children under 13, and ensured that parents would play the key decision-making role in determining whether and how their children’s personal information would be used in the online environment. The law was purposely designed to respond to changing technologies and business practices, and requires the Federal Trade Commission to conduct periodic reviews. A coalition of child advocacy, consumer, public health, and privacy groups has called on the FTC to update its COPPA rules to cover many of the techniques that marketers are using today, which include: collecting geolocation information from a child’s mobile phone; targeting children and their friends through social networks and interactive games; and employing cookies, plug-ins, and other software to track young peoples’ online behaviors. The FTC proposed changes to the rules last year, and has sought comments from a wide range of industry and public interest groups, but has yet to release its revised regulations. “It is clear from these findings that the public supports strong action by the FTC to address the disturbing and widespread practices that threaten the privacy and safety of our nation’s children,” said Kathryn C. Montgomery, Ph.D, professor of communication at American University and one of the leaders of the campaign to pass COPPA during the 1990s. “Children should be able to reap the benefits of this new participatory media culture without being subjected to techniques that take advantage of their developmental vulnerabilities. We must ensure that the COPPA rules are updated effectively so that the generation of young people growing up online today will be treated fairly in the growing digital marketplace.” “The results of this poll should be a wake-up call to the industry that parents understand what’s at stake for their kids in a digital world, and want the power to protect their children to remain in their hands,” said James P. Steyer, CEO and founder, Common Sense Media. “The industry argues that updates to COPPA will stifle innovation and cost jobs, when in fact, they should respect the role of parents and use it build consumer trust. The FTC’s recommended updates to COPPA represent the most important regulation of the past 10 years when it comes to protecting our kids’ privacy. They will help ensure that parents have better information and tools, and that parents -- not third-party ad networks and data brokers -- get to decide when their children’s personal information can -- and can’t -- be collected, shared, and sold.” Additional information about the survey, including a summary of findings, full tables, and an infographic can be found at www.democraticmedia.org and www.commonsense.org/COPPA (link is external). To download the summary of findings directly, and a new Infographic on "Big Data, Little Kids," see attached. About Center for Digital Democracy The Center for Digital Democracy (CDD) is recognized as one of the leading consumer protection and privacy organizations in the United States. Since its founding in 2001 (and prior to that through its predecessor organization, the Center for Media Education), CDD has been at the forefront of research, public education, and advocacy on protecting consumers in the digital age. Its impact has been highly significant, fostering widespread debate, educating a spectrum of stakeholders, and creating a legacy of government and self-regulatory safeguards across a variety of Internet and digital media platforms. CDD’s public education programs are focused on informing consumers, policy makers, and the press about contemporary digital marketing issues, including its impact on public health, children and youth, and financial services. For more information, visit www.democraticmedia.org (link is external). About Common Sense Media Common Sense Media is dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in a world of media and technology. We exist because our kids are growing up in a culture that profoundly impacts their physical, social, and emotional well-being. We provide families with the advice and media reviews they need in order to make the best choices for their children. Through our education programs and policy efforts, Common Sense Media empowers parents, educators, and young people to become knowledgeable and responsible digital-citizens. For more information, go to: www.commonsense.org (link is external).

The Children's Online Privacy Protection Act (COPPA) protects children's privacy online. It is a powerful safeguard empowering parents to make decisions about how personal information from their child can be collected and used. As the Federal Trade Commission nears its historic vote to ensure that COPPA addresses the range of digital data collection practices that threaten child privacy--including from behavioral profiling and geo-location targeting--here's a brief primer.

Facebook engaged in a "Thanksgiving surprise" last week (link is external), announcing changes to its "Rights and Responsibilities" system of involving users in its decisions on data collection and privacy. It also announced plans designed to make additional collection of data readily available for them to use, including from so-called affiliates. Through its Facebook Exchange (link is external)and other data-enabled marketing (link is external) services--especially designed to bolster its ability (link is external)to monetize (link is external) through mobile devices--the social media behometh is pushing the privacy envelope. EPIC and CDD's letter asks Mr. Zuckerberg to reverse course. Stay tuned for further action. PS: Take a look at this clip (link is external)from Citizen Kane, when he signed his "Declaration of Principles." Remember when you see it that Kane--as he becomes successful as a media mogul--abandons them.

CDD and EPIC (link is external) submitted this letter to the FTC today. Both groups have had a long history of monitoring Facebook's privacy and online data-related marketing practices. We have both worked to ensure that the FTC and other regulators engage in the due diligence required to ensure Facebook respects the privacy rights of its users. Over the last several months, we have especially analyzed Facebook's growing (link is external)use of user data (link is external) as part of its ad exchange (link is external), including Datalogix (link is external). There are a range of data partners (link is external)that raise critical concerns. Here are some of Datalogix's data collection and user targeting affiliates--a never ending data daisy chain: Admeld (link is external), adnetik (link is external) (Digilant), appnexus, (link is external) Audience Science (link is external), bluekai (link is external), Cadreon (link is external), DataXU, (link is external) eXelate (link is external), invite media, (link is external) jumptap (link is external), Lotame (link is external), Mediamat (link is external)h, netmining, resonate, Rocket Fuel, (link is external) Tribal Fusion, TURN, (link is external) ValueClick, Vivaki, (link is external) X+1 (link is external) and Xaxis. The letter is attached.

Continuing its work to protect the privacy of children under 13 in the "Big Data" era, a coalition of leading groups just filed Comments with the Federal Trade Commission on its proposed new rules under the Children's Online Privacy Protection Act (COPPA). Many of these groups worked to get the law passed back in 1998. Even back then the kinds of personalized data collection commonplace today was part of our design for COPPA (since the basic "one-to-one" data collection model has remained a dominant paradigm). Under the proposed FTC rules, parents would be empowered for the first time to make decisions about whether online marketers, including on mobile devices, can stealthily use "cookies" and other unique and persistent identifiers to track and target a child. The filing explains how companies such as Viacom (Nick.com, etc), Time Warner/Turner (Cartoon Network) and Disney (Disney XD, etc) are using advanced state of the art data collection tools to track, profile and target users online. It discusses documents and other information we uncovered during our investigation for this filing that raise serious concerns about the commitment of many online companies to protect the privacy of kids and ensure parents are in charge. Groups filing these comments with CDD include: American Academy of Child and Adolescent Psychiatry, Berkeley Media Studies Center, Campaign for a Commercial Free-Childhood, Center for Media Justice, CSPI, ChangeLab Solutions, Children Now, Consumer Action, Consumer Federation of America, Consumers Union, the advocacy and policy division of Consumer Reports, Consumer Watchdog, National Consumers League, Privacy Rights Clearinghouse, Public Citizen, Public Health Advocacy Institute and The Praxis Project. The FTC filing was written by Prof. Angela Campbell and Fellow Laura Moy at the Institute for Public Representation, Georgetown Law Center. She was assisted by her able law students. CDD provided research and analysis.

CDD statement on today's FTC COPPA (link is external) proposal. Today, the FTC took a giant step to protect children's privacy by proposing that the online data broker industry be required to comply with the Children's Online Privacy Protection Act (COPPA). Children--like adults--confront a pervasive data collection and targeting system made up of ad networks, data exchanges, and other digital marketing companies able to target anyone in real-time. The FTC's proposal ensures that parents will have control over how information can be collected from their children via mobile phones, online games and when they use computers. In addition, the commission will also rein in the data brokers targeting kids who use social media, so-called "plug-ins," to gather information on a child and their friends. Consumer, child advocacy, privacy and public health groups have called on the FTC to ensure that COPPA protects kids and empowers parents in today's data collection intensive, targeting 24/7 online environment. This proposal will help accomplish this. We are concerned, however, about the lobbying of the Walt Disney Company and others to secure an exemption for so-called family websites. We will be reviewing the commission's proposal and industry practices on such sites.

When CDD reviewed the proposed Facebook Sponsored Stories (link is external) settlement it was clear it failed to address how marketing and targeting on the social network really works. It also didn't do anything to ensure that parents and teens have the control they require over the Sponsored Story process (link is external) and its inter-related series (link is external)of premium ad products. Clearly, Facebook users require a settlement that protects their privacy and rights. As Sponsored Stories is deployed on the mobile p (link is external)latform, and Facebook users confront new privacy threats from the Facebook Exchange ad targeting (link is external) service, as well as new measurement (link is external) capabilities, policies need to be enacted to protect users (especially adolescents and other youth). We revised our letter of objection, now that a new Judge has been assigned to the case.

This letter was sent today to Lawrence Strickling, Ass't Sec of Commerce, as well as The White House. Despite our best efforts (link is external) to encourage the Commerce Department to ensure that people across the country can meaningfully participate in the first key stakeholder meeting scheduled for 12 July, the agency has failed to embrace an effective means to do so. Over the last few weeks we did get the Commerce people to change their plans to allow some outside of the Beltway involvement--but in a very limited way. The groups previously submitted a set of principles (link is external) last February to help govern the negotiations and ensure equitable representation and deliberation. Today's letter is attached. See too Consumer Federation of America press statement. (link is external)

Today, CDD, Consumers Union and a coalition of leading child advocacy, health, consumer and privacy groups sent a letter to Facebook CEO Mark Zuckerberg. The letter discusses the safeguards required to ensure Facebook `does no harm' to young people if it decides to open its platform to children (in order to comply with COPPA, etc).

Today we filed Comments on the Obama Administration's privacy plan via the Dep't of Commerce proceeding. Highlights below. Need for Legislation: We have said from the beginning of this process that the reliance on multi-stakeholder negotiations to effectively protect consumer welfare, including privacy, is a flawed approach....what is required is more courageous action by the Obama Administration: the submission to Congress of draft legislation that implements the CPBR principles. Multi-stakeholder Negotiations Must Address the Full Scope of the CPBR Principles at Each Stage: In order for any “code of conduct” to be developed, each issue (such as mobile applications, ethnic/racial digital profiling, youth online marketing, real-time targeting) must reflect all of the administration’s Privacy Bill of Rights. Stakeholders Should Decide the Topics, not the Administration: The administration should respect the independence of the multi-stakeholder process to identify issues for negotiation. Commit to the W3C’s Do-Not-Track Multi-stakeholder Process: The administration should clarify that it fully supports the multi-stakeholder process now underway by the World Web Consortium’s Tracking Protection Working Group. The support by the White House of the Digital Advertising Alliance’s closed-door, non-transparent, and non-representative work on Do-Not-Track suggests there is a lack of serious commitment to an independent and participatory multi-stakeholder process. The Department of Commerce should immediately recognize that the WC3’s work on Do-Not-Track is part of the development of meaningful new codes of conduct... All Issues Must Be on the Table, with No Exemptions for Self-regulatory Codes: Some digital data collection trade groups have suggested, in recent Congressional testimony, that the multi-stakeholder deliberations “should target only those issues that are not subject to existing statutory regimes or self-regulatory programs..." The administration should reject such a self-serving suggestion, which would deprive U.S. consumers of having fairly negotiated codes of conduct. Industry self-regulatory codes have been developed without public input, and already have drawn criticism from leading scholars. All issues must be addressed if this process is to have credibility Ensuring a Transparent and Open Process: these deliberations must be public...We urge that they be Webcast, and that there is a robust mechanism put in place for both the news media and the public to be informed of the proceedings... Issues related to both Children and Adolescents Should Be Addressed in Every Topic Identified for a Code of Conduct: Rather than addressing young people under a separate code of conduct, we support identifying the child and adolescent issues raised by each issue Concerns on the International Role for the Multi-stakeholder Negotiations and Codes of Conduct: We have grave reservations about the U.S. attempting to negotiate a “code of conduct” as the equivalent of formal law (such as in the EU) or where effective new consumer protection laws are required (such as in South America or the Asia Pacific markets). There isn’t a one-size-protects-all privacy regime that can be exported from the U.S Ensuring an Informed Discussion About the Digital Data Collection Landscape: One cannot easily choose a small piece of the puzzle (such as the “low-hanging fruit” of mobile privacy) to tackle, because all types of data collection and analysis are intrinsically connected to the fundamental forces shaping privacy in the commercial digital era. Ensuring Civil Society Participation, Especially Independent NGOs: We support the “Principles for Multi-Stakeholder Process” endorsed by leading NGOs on February 23, 2012 (with the leadership of the World Privacy Forum)... There must be robust civil society involvement in each deliberation, with sufficient levels of participation to ensure an effective—not marginal—contribution.

FTC Makes Advances Protecting the Privacy of Americans in Big Data Era, with Call for Congress to Rein-in Data Brokers But major concerns loom as report leaves consumers vulnerable to widespread data collection and tracking. Battles ahead as consumer group presses for action Statement of Jeff Chester, Executive Director, Center for Digital Democracy The Commission’s new privacy report zeros in on one of the most glaring threats to consumers today—the growth of the online-merged with-offline data collection complex. In its call for Congress to enact legislation to rein in the data broker industry, the FTC has opened up an important new ‘front’ in the battle to protect consumer privacy. Today, consumers face an ever growing and largely invisible data apparatus that collects and pools their information 24/7. The harvesting and sale--often in real-time--of our valuable data, including about our financial and health interests, poses a major threat to consumers. The FTC’s call for legislation is a digital wake-up call to Congress. The commission’s recommendation that Do-Not-Track means do not collect, potentially could help create a powerful new privacy tool for consumers. Overall, the FTC’s call for ensuring the public has greater control over how their data is collected and used online, should prompt industry leaders to rethink how they address protecting consumer privacy. The FTC's further clarification of what is considered personally identifiable information is also a step forward. However, we call on the FTC to specifically spell out how to ensure consumers have meaningful “choice” to control the collection and use of their information. The commission’s overall support for industry self-regulation (such as the largely invisible “icon” placed on ads) is disappointing, and reveals a FTC still too often constrained from effectively protecting the public. We see this report and the recent White House Consumer Privacy Bill of Rights endorsing what consumer groups have been warning about for years--that the Internet's growing focus on the tracking of individuals, along with the sale of their data by a largely out of view digital marketing industry, requires 21st Century consumer protection safeguards. Other key elements in the report: The commission’s proposal on affiliates and third-parties also helps rein-in a dizzying digital-consumer tracking daisy chain. Websites that share data with other parts of their company or ad networks require new safeguards. Requiring affirmative consent for the collection and use of sensitive information, including on first and third party sites. This is a positive step forward as consumers increasingly are targeted by financial and health marketers. But if consumers are to be protected, the FTC (and for financial, the CFPB) must engage in serious enforcement efforts. Called on the online ad industry (Digital Advertising Alliance, DAA) to work “within the W3C process” on Do-not-Track. The World Wide Web Consortium's (W3C) work on Do-not-Track is being potentially undermined by a separate effort organized by the DAA. Today, the FTC sent a message that it expects the online ad industry to work with the “multi-stakeholder” process established by W3C. [CDD is a member of the W3C Tracking Protection Group]. The commission resisted calls from the telephone and cable lobby to endorse the controversial Deep-Packet Inspection (DPI) surveillance system. The FTC plans to hold a workshop and conduct further study on this critical privacy and civil liberties issue, which is prudent. The report calls for greater protections for teens when they are targeted, something CDD has urged. The commission will expand its focus on mobile privacy, including applications and transactions.

This letter was sent today to US and EU policymakers.

This letter from the US/EU consumer group organization (link is external)Trans Atlantic Consumer Dialogue, which formally advises both the EU and US, calls on Google to suspend its planned privacy changes.

CDD has made a commitment to the White House that it will work on “multi-stake holder” negotiations to help develop new consumer online privacy safeguards. We recognize that in the absence of federal legislation, the inability of the FTC to issue regulations, and the ever-increasing digital data collection system, some progress must be made to protect consumers. Increasingly, consumers face a daily whirlwind of data collection, confronting a vast and largely uncontrollable apparatus that tracks their every move. Whether we are using a PC, a mobile device, playing a video game or even listening to music, our information is being stealthily packaged into personal data profiles. Our financial, health, political, and family data are sold to the highest online bidder, whether they are marketers, financial companies or even political parties. The White House’s new framework for protecting privacy, especially its Bill of Rights, is an important development to protect consumers in the digital age. Consumers require a “Bill of Rights” that ensure they are in control over their personal information—not the digital data companies. As the public increasingly relies on the Internet to make purchases and other financial decisions, they also should have 21st Century consumer protection safeguards. However, the new framework largely depends on the development of voluntary codes of conduct, to be negotiated between consumer groups and companies like Google, Facebook, Microsoft, Yahoo and others. Consumers groups, such as CDD, will engage in these negotiations in good faith. But we cannot accept any “deal” that doesn’t really protect consumers, and merely allows the data-profiling status quo to remain. Instead of negotiations, CDD would have preferred the White House to introduce new legislation that clearly protected consumers online. Two, we are very concerned that the Administration’s new privacy plan is designed to undermine the European Union’s rights-based approach protecting privacy. The U.S. online data companies are the global leaders in digital advertising, especially Google and Facebook. These companies increasingly feel threatened by a EU approach that protects its citizens from pervasive and unaccountable data collection. We will not support an effort by the U.S. to secure a trade agreement with the EU and the Asia Pacific region that permits digital marketers to collect user data unabated. A voluntary code of conduct should not be the basis of a global trade deal designed to bolster Google and Facebook profits. Finally, we are also concerned about today’s announcement by the Digital Advertising Alliance (DAA), including Google, that they will develop its own Do-Not-Track system. The plan by the DAA to add Do-Not-Track to its self-regulatory system could derail a promising privacy effort by the Worldwide Web Consortium standards group (W3C) that is being designed to give consumers greater control over data collection. The new DAA scheme will enable companies to continue to collect profiling data on users, and merely prevent the delivery of targeted ads. DAA members are terrified about the development of a DNT system with teeth, which would stop so much data collection, profiling and tracking. The White House and the FTC should ensure that consumers can receive the benefits of a robust, uniform and independent DNT service. We should not allow Do-Not-Track to be hijacked by the data collection industry

The attached complaint was sent today to the FTC, including the following to the Secretary, Commissioners, and staff: The Center for Digital Democracy submits this complaint regarding the failure of Google, Inc. to abide by the commission's Consent Decree in the Google "Buzz" case (Docket No. C-4366). We respectfully urge the FTC to find Google in violation of the Consent Decree for its failure to accurately and honestly inform users the real reasons it is changing its privacy policy. This petition provides data and analysis showing how Google's business practices, especially those announced or implemented in 2011, are the real reasons why it is now altering its consumer privacy practices. CDD also seeks to have the FTC request that Google postpone the launch of its new privacy policy on March 1, 2012, pending the outcome of its investigation. Here's an excerpt: We believe that an analysis of Google’s business operations over the last year will demonstrate the true rationale for the changes to its privacy policy—which has nothing to do with making it “easier” or “more convenient” for users. We fail to see where Google has provided to users—as it claims to have done in its “Compliance Report” submitted to the commission—“clear information in order to exercise meaningful choice regarding their continued use of Google services….” In particular, Google fails to inform its users that the new privacy regime is based on its own business imperatives: to address competition from Facebook; to grow its capacity to finely profile and target through audience buying; to collect, integrate, and utilize a user’s information in order to expand its social media, social search, and mobile marketing activities (through YouTube, Google+, and Admob, for example); to extend the length of time during which users are subject to targeting and real-time auctions via its DoubleClick Ad Exchange and Display Network; to provide additional data points for its Teracent, Invite Media, and Admeld operations; and generally to expand its DoubleClick operations. Finally, Google should have explained to consumers what it told a private industry meeting—that to help fulfill its February 2011 prediction that display advertising will be a $200 billion dollar global industry, it would need to better integrate user data across platforms and application using digital ad marketing automation.

Here's the abstract.Powerful new digital marketing techniques permit beer and alcohol companies to deeply penetrate into the hearts and minds of consumers, and their social networks of friends. The growing sophistication and capabilities of online marketing, increasingly integrated into the lifestyles of youthful and Internet connected consumers throughout the world, pose potential public health concerns—as well as opportunities. Marketing today has been transformed from the viewing of a single advert on television or in print, into experiencing interactive and highly personalized content that influences what we consume and purchase. Alcoholic beverage companies are winning global awards for their campaigns, including those launched in the Asia Pacific, EU, North and South America markets.Today, a single user can be stealthily tracked and profiled throughout their “online journey”—including their visits to many websites and they actions they take--as their information is collected and analyzed. Then so-called online “behavioral” advertising takes this profile data to target an individual user more precisely.. Mobile phone and location marketing permit marketers to “geo-target” users in specific geographic areas and at defined times. Digital advertising can operate across so-called multiple platforms—following a single consumer whether they are in front of the personal computer, using a mobile device, or even soon while watching television. Super-fast computers are able to identify a single individual who might be a suitable target for an online alcohol ad—and sell them in real-time to the highest bidder.Facebook and other social media enable marketers to go beyond the targeting of individuals to also influence and “activate” ones network of friends. The goal for much of social media marketing is to encourage consumers to do the marketing for the brand, through new forms of viral and other “peer-to-peer” endorsements. Millions of Facebook members are now regularly reached by alcoholic beverage companies.Online marketers are increasingly relying on the use of “neuromarketing” to create ads and other content expressly designed to penetrate the subconscious minds of users. Through the use of “immersive” online content, including entertainment, digital marketers are creating new forms of story-telling designed to increase brand loyalty and sales.

Facial recognition technologies are now a part of the commercial digital marketing "complex," providing additional data and "activation" techniques designed to trigger engagement and commercial behavior. The Federal Trade Commission requested comments on the issue. Although CDD is concerned about the use of Facial Recognition on all consumers/citizens, inc. adults, we focused on the need for child and adolescent safeguards. Facial Recognition tactics have already become a part of youth marketing, inc, for food (link is external)and beverage (link is external) products. Here's an excerpt with filing attached: The growth of real-time targeting, with the routine merging of offline and online data for profiling-based user ad sales, is the context for the FTC to develop safeguards related to FR. Physical data will be added to the plethora of information layered to target users (which now also includes increasingly neuromarketing-derived data. The commission must also address how FR is designed to identify and target multicultural youth. Today, digital marketers engage in a range of ethnic and racial targeting, including children of color. African-American, Hispanic/Latino and Asian-American children and adolescents are the focus of wide-ranging data collection, profiling, and targeting applications. The use of FR to identify race/ethnicity without COPPA or new adolescent digital marketing rules requires proactive policy action by the commission... The commission must take into consideration, in its work to address FR, the current state of behavioral advertising and related digital direct marketing applications—including cross-platform. FR cannot be viewed in isolation, and an effective and comprehensive set of safeguards are required in the youth digital marketplace... CDD urges the FTC to issue appropriate rules, under its current COPPA proceeding, that place decisions about the use of FR under the control of a parent or appropriate adult guardian. It also must recommend new safeguards for adolescents, giving them greater information and control over how interactive marketing applications and data collection, including FR, are used in targeting. Specifically, we ask that: 1. The commission issue a regulation, under the COPPA rule, stipulating that the results of facial recognition applications are inherently personally identifiable information, and thus cannot be collected or used without parental consent. 2. For teens, companies must have a clear opt-in structure in order to undertake FR. 3. The commission oversee the development of a set of Fair Marketing Practices for all digital marketing targeting both children and teens, which should address how the overall use of facial recognition will be governed.