In a move intended to give parents greater control over data collected about their children online, federal regulators on Wednesday broadened longstanding privacy safeguards covering children's apps and Web sites.
Members of the Federal Trade Commission said they had updated the provisions to keep pace with the growing use of mobile phones and tablets among children. The regulations also reflect innovations like voice recognition technology, global positioning systems and behavior-based online advertising -- that is, ads tailored to an Internet user's habits.
Regulators had not significantly changed the original rule, based on the Children's Online Privacy Protection Act of 1998, or Coppa, since its inception. That rule required operators of Web sites directed at children to notify parents and obtain their permission before collecting or sharing personal information -- like first and last names, phone numbers, home addresses or e-mail addresses -- from children under 13.
Legislators who enacted that law said the intent was to give parents control over entities seeking to collect information about their children so that parents could, among other things, prevent unwanted contact by strangers.
The new rule, unveiled at a news conference in Washington, significantly expands the types of companies required to obtain parental permission before knowingly collecting personal details from children, as well as the types of information that will require parental consent to collect.
Jon D. Leibowitz, the chairman of the F.T.C., described the rule revision as a major advance for children's privacy.
"Congress enacted Coppa in the desktop era and we live in an era of smartphones and mobile marketing," Mr. Leibowitz said. "This is a landmark update of a seminal piece of legislation."
In an era of widespread photo sharing, video chatting and location-based apps, the revised rule makes clear that online operators must obtain parental consent before collecting certain details that could be used to identify, contact or locate a child. These include photos, videos and audio recordings as well as the location of a child's mobile device.
While the new rule strengthens such safeguards, it could also disrupt online advertising. Web sites and online advertising networks often use persistent identification systems -- like a customer code number in a cookie in a person's browser -- to collect information about a user's online activities and tailor ads for that person.
But the new rule expands the definition of personal information to include persistent IDs -- such as a customer code number, the unique serial number on a mobile phone, or the I.P. address of a browser -- if they are used to show a child behavior-based ads. It also requires third parties like ad networks and social networks that know they are operating on children's sites or apps to notify and obtain consent from parents before collecting such personal information. And it makes children's sites or apps responsible for notifying parents about data collection by third parties integrated into their services.
Collecting data to show children contextual ads based on the content of a site or app, however, will not require parental consent.
"The only limit we place is on behavioral advertising," Mr. Leibowitz said. "Until and unless you get parental consent, you may not track children to create massive profiles" for behavior-based ads.
Stuart P. Ingis, a lawyer representing several marketing associations, said that reputable online marketers did not knowingly profile children to show them behavior-based ads. He added that industry guidelines prohibited the practice.
He agreed with regulators that privacy protections for children online needed to keep pace with new technologies. But he said he was concerned that the restrictions on cookie-based identifiers might cause some children's sites to reduce their use of outside services to avoid notifying parents about data collection by those services.
"The F.T.C. is saying that it is the obligation of first parties not to allow third-party ad networks or social network plug-ins on their site," said Mr. Ingis, who represents the Direct Marketing Association and the Association of National Advertisers. "There might be overreaction that would limit just general third-party collection of data, which is very useful to businesses and consumers."interact
This article originally appeared in The New York Times.