FTC to Increase Efforts to Protect Children’s Privacy
WASHINGTON — Parents will no longer have to choose between their children’s data privacy and online learning as the Federal Trade Commission steps up its enforcement of the Children’s Online Privacy Protection Act.
“Students must be able to do their schoolwork without surveillance by companies looking to harvest their data to pad their bottom line,” said Samuel Levine, director of the commission’s Bureau of Consumer Protection, in a statement.
“Parents should not have to choose between their children’s privacy and their participation in the digital classroom. The FTC will be closely monitoring this market to ensure that parents are not being forced to surrender to surveillance for their kids’ technology to turn on.”
The commission reemphasized it is against the law for companies to force parents and schools to surrender their children’s privacy rights in order to do schoolwork online or attend class remotely. The FTC went one step further Thursday when the commissioners voted unanimously to increase penalties for companies not adhering to the law.
The policy statement makes clear that the commission will vigilantly enforce the law to ensure that companies covered under COPPA are complying with all of the rule’s provisions.
The policy statement notes that companies that fail to follow the COPPA rule could face potential civil penalties and new requirements and limitations on their business practices aimed at stopping unlawful conduct.
This is particularly important as more schools use online technology to help children learn, the commissioners said.
Commissioner Rebecca Kelly Slaughter, a mother, spoke about how her kindergartener used online tools for remote learning. And while the technology has immense benefits, she is concerned about the data collection, especially with the prolonged use of technology in schools.
“As the commission’s statement emphasizes, there are huge benefits to using this technology to facilitate learning, but that cannot come at the price of surveillance of our kids and unlawful collection and use of their information outside the law,” Slaughter said during Thursday’s meeting.
The law bars companies from collecting information including children’s full names, addresses, contact information, geolocation information, as well as photos, videos or other documents uploaded onto a website such as homework.
“Most importantly, folks that aren’t steeped in the intricacies of privacy law may be surprised to know that COPPA provides for perhaps the strongest, though under-enforced, data minimization rule in U.S. privacy law,” Slaughter said.
The commission plans to ensure educational tech companies cannot bar someone from using their technology if they opt out of the private data collection. It also will go after companies that appear to use data collected from children through these educational applications for advertising purposes.
Companies will also not be able to retain personal data for future use if a student is no longer using the application, according to the rules.
Parents should already be able to access data a tech company has on their child and can decide to withdraw consent for a company to collect data on their child.
Commissioners said this is the first step in better enforcing these data privacy laws for children because any website or application that has children under 13 using its services is protected by this law.
“These statutory provisions do not apply exclusively to ed tech companies, and their rigorous enforcement will stretch beyond the ed tech ecosystem, too. A recent study suggested that up to a fifth of all the Android apps available on the play store directed at kids may be in violation of the statute. I hope all COPPA covered companies take a long look at the text of the statute and think as seriously about their compliance obligations as we’ll think about our enforcement ones,” Slaughter said.
Madeline can be reached at [email protected] or on Twitter @ByMaddieHughes