Dive Brief:
- There were 730 public comments submitted to the Federal Register regarding the Federal Trade Commission’s proposed regulation changes to the Children’s Online Privacy Protection Act, or COPPA Rule. The proposal, announced in December, would place new guardrails on a company’s ability to profit from using children’s personal data.
- Feedback provided during the open comment period, which closed March 11, included support among individual parents and the National Association of Attorneys General, as well as calls from information and technology industry leaders to adjust parts of the proposal.
- Of the FTC proposal’s potential impact on K-12 and ed tech, global nonprofit Future of Privacy Forum publicly commented that the FTC should work with the U.S. Department of Education to establish and maintain joint guidance on how ed tech companies and schools should navigate and align COPPA and the Family Educational Rights and Privacy Act.
Dive Insight:
The wide range of comments on the suggested updates to the COPPA Rule comes as more school leaders and lawmakers aim to take on technology and social media companies' impact on student mental health. At the same time, protecting student data privacy is also a district priority with sensitive data collected by schools becoming increasingly vulnerable to data breaches and cyberattacks.
COPPA is a federal law that gives parents control over what data websites can gather from their children under 13 years of age, while the COPPA Rule is a regulation that enforces the placement of additional protections and establishes other procedures that these companies must follow.
Some of the FTC’s proposed changes would still allow ed tech providers to collect, use and disclose students’ data — with a school or school district’s authorization — as long as it’s for permitted school purposes and not commercial use.
The proposed rule would also strengthen COPPA’s data security requirements. If finalized, the rule would implement further limitations on retaining data and would prohibit operators from using children’s information for secondary purposes or keeping the data indefinitely. Parents would also have to give their verifiable consent to online service providers before companies could use data for targeted advertising to third parties.
Given that there hasn’t been an update to the COPPA Rule since 2013, the National Association of Attorneys General encouraged the FTC to update the rule “to keep pace and give State Attorneys General the tools they need to respond to a digital world rife with risk.”
In a public comment submitted by the Information Technology Industry Council, the advocacy group for the high tech sector said the retention of children’s data in an educational context should be determined by the school instead of an ed tech vendor.
Meanwhile, momentum is growing in Congress for the Kids Online Safety Act, a bipartisan bill that would require social media platforms to enable the strongest privacy settings for children by default. The bill would also give parents more tools on platforms to see and control privacy and account settings, which would automatically turn on for children under 13 and would be optional for teens ages 13 to 16. Similar to COPPA, the bill focuses on placing safeguards for children younger than 13.
The bill would also ensure independent audits and research examining how social media companies are impacting the well-being of children and teens. Over 60 senators currently support the bill.
In February, a bipartisan group of senators also reintroduced and cosponsored an updated version of a COPPA 2.0 bill, which would ban targeted advertising to kids and teens, and require companies to give parents and children the ability to delete information.
Dive Awards
