A Republican sponsor, Rep. Joe Barton (R-Tex.) says that “It is important that our teenagers receive protections. They are prone to mistakes; we need to make sure those mistakes aren’t exploited online.”
Meanwhile, California also just passed the online “eraser” law. California SB 568 requires “the operator of an Internet Web site, online service, online application, or mobile application to permit a minor who is a registered user of the operator’s Internet Web site, online service, online application, or mobile application, to remove, or to request and obtain removal of, content or information posted”. The law kicks in on January 1st. It also prohibits websites from targeting minors with products like e-cigarettes and tattoos.
Despite the DNTK proposal, it remains that state legislatures and attorneys general continue to take the lead in privacy legislation and enforcement. See, http://www.nytimes.com/2013/10/31/technology/no-us-action-so-states-move-on-privacy-law.html
See also, State AGs Chuckle at Idea of Federal Breach Law: https://www.privacyassociation.org/publications/amidst_u.s._govt_shutdown_state_ags_chuckle_at_idea_of_federal_breach_law
“Operators” include website operators, and per the CA AG, that would be software operators and mobile apps that transmit and collect PII online. The law does not prohibit commercial websites or online services from tracking and gathering personal information from its users – just addresses notice policies and procedures. In that regard it does not prompt an “opt in” option on the operator’s website or app – which would require a consumer/customer to affirmatively allow the operator to share PII. It is an update to CalOPPA (“California Online Privacy Protection Act of 2003”).
And see also: The FTC has denied an application seeking approval of a proposed verifiable parental consent method submitted by AssertID, Inc., under COPPA.
In a letter to AssertID, the Commission noted that the company’s proposal failed to provide sufficient evidence that its method would meet the requirements set out under the rule. Specifically, the Commission noted that there was not yet adequate research or market testing to show the effectiveness of the AssertID “social-graph verification” method.