U.S. Federal Trade Commission building in Washington, D.C.

The enforcement of a regulation applauded for its ability to balance citizens' privacy and not trample innovation may have hit its "best-by" date. 

On July 17, the Federal Trade Commission published a request for public comment regarding the effectiveness of the Children Online Privacy Protection Act (COPPA) Rule, and whether changes to enforcement are needed. It acknowledged that rapid tech growth was the impetus for considering updates.

Lawyers said it was too soon to tell what modifications, if any, are in store for COPPA enforcement, but noted the call for comment highlights the FTC's continued focus on protecting children's online privacy.

COPPA, which went into effect in 2000, requires certain websites and online services that collect personal information of children younger than 13 to provide notice to parents and obtain verifiable parental consent before collecting, using or disclosing a child's personal information.

The FTC's announcement may have caught some by surprise because the commission typically reviews its rules every 10 years. However, the FTC noted that tech's rapid change warranted an earlier reexamination.

"Rapid changes in technology, including the expanded use of education technology, reinforce the need to reexamine the COPPA Rule at this time," the commission wrote in its press release announcing the call for comment.

Hinch Newman defense and data privacy compliance attorney Richard Newman said the commission's move to reexamine COPPA matches its ongoing attention to children's privacy.

"The FTC dedicates significant resources to protecting children," Newman wrote in an email. "The evaluation of whether further amendments to the COPPA Rule are warranted is largely the result of a rapidly evolving technological landscape, including social media, interactive television and gaming and other interactive media."

Covington & Burling partner Lindsey Tonsager said it's too early to know if the rule will be updated, but added she doesn't think modifications would include requiring parental consent for a child's entire online activity or banning advertising to children.

While not directly announcing it will update COPPA enforcement, the FTC did provide some insight into what it's pondering when it comes to the regulation. In the announcement, the commission asked six questions that included if they should modify the rule to "encourage" platforms targeting a general audience to identify and police child-directed content uploaded by third parties. Additionally, the FTC asked if COPPA affected the availability of websites or online services directed to children and if education technology in schools should have a parental consent exemption.

The comment requests come after consumer and public health groups accused YouTube and Amazon.com Inc.'s Echo Dot Kid of violating COPPA. In June, The Washington Post reported the FTC was in the late stages of an investigation into whether YouTube improperly collected children's data under COPPA.

Although COPPA accusations have been directed at some high-profile companies, Tonsager noted not all calls for comment leads to updates. Indeed, in 2005 the FTC issued a press release requesting comment on COPPA's "sliding scale" approach to parental consent. Yet COPPA rules weren't updated until 2013 after the FTC initiated a review in 2010.

As the FTC addresses COPPA complaints and reads comments after the 90-day submission window closes, Tonsager advised companies to collect only necessary data.

"Regardless of whether the FTC is looking at the rule or not, I think the common best practice is to collect only the information that you need. The data minimization helps regardless if the regulator is looking at its rule and is at the heart of the COPPA rulemaking," she said.