This is page 2 of:
With Fed Child Rules Moving In-Store Via Mobile, How Will You Know Who’s A Child?
The rules allowing FTC prosecutions for unfair or deceptive trade practices allow for a wide range of infractions, not dissimilar to how the FBI will use postal fraud, racketeering or tax evasion to pursue organized crime assassins.
Deceptive trade practices rules “always provide that baseline level of protection,” said Manas Mohapatra, the FTC’s director of mobile policy within its mobile technology unit. It’s necessary because the United States doesn’t have many direct privacy laws. “The fact is that there is no general baseline privacy legislation” that Congress has ever approved, Mohapatra said.
COPPA’s protections are for children younger then 13. Some vendors have made a habit of tracking purchases and online activities of children much younger than that, but they’re not supposed to record the data. Many still do, though, although it’s typically done in aggregate for distribution to clients and third-parties. Some have even raised the possibility of selling that information individually once the children “age out” to 13 because they are no longer protected. That way, retailers and manufacturers could have full preference histories of these new teen-age shoppers.
The changes to the law will likely include a blanket declaration that any “geolocation data constitutes personal information” along with a phone’s unique identifiers, Mohapatra said. As marketers are unlikely to come out and say that a shopper’s movements are being tracked, that’s how the feds plan on making their civil charges, based less on the tracking and more on the fact that the tracking wasn’t disclosed.
“It will really all depend on the promises made to the consumers,” he said.
These changes will put retailers in an awkward position. Clearly, the advice would be to not track children and especially those younger than 13, but that may be a lot more difficult to do in practice. As malls and stores track mobile device activity, it will be common to have no idea the age of the shoppers associated with those devices.
To make matters more complicated, younger and younger kids are being given smartphones and other mobile devices. The days when a seven-year-old walking around a mall with his own iPad would be absurd are gone. (As a parent, I can still consider it absurd, but absurd is not a synonym for rare.)
In effect, retailers may be tracking children without any awareness that they are tracking children. In federal civil cases, mens rea—the so-called criminal intent—is often not needed. If a retailer engages in a prohibited act, it will be of little defense help that the retailer didn’t know it at the time.
Ironically, one way to deal with this is to ask shoppers how old they are, which is precisely the kind of personal data collection that these programs are designed to discourage. If no information about age is gathered, the only safe route is to halt any mobile tracking—which is clearly not going to happen.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
