A lot has changed online since 1998, when the FTC set up a privacy protection law for children online—and the federal organization believes it's time for an update. New rules expected within weeks would require companies to get parental consent for a wider range of data collection on kids—including the use of tracking cookies, the New York Times reports. The bottom line is that kids in the age of mobile apps and the like may be inadvertently sharing personal information with scores of companies, and "the concern is that a lot of this may be going on without anybody’s knowledge," says an FTC official.
The 1998 rule, for instance, barred firms from getting kids' phone numbers without their parents' consent. But companies like McDonald's ask children to upload photos so they can "get in the picture with Ronald McDonald." The result: McDonald's had a huge collection of photos of children, viewable by anyone, kids' advocates say. In other cases, companies seek emails from kids or ask for their friends' first names and email addresses. What's more, "pretty much all of the same technologies used to track adults are being used on kids’ web sites," says a security expert. Indeed, the Times finds 13 trackers on a Disney games site. (Read more online privacy stories.)