Protecting Kids Online: FTC review of the COPPA Rule

October 9, 2019

Rectangle Circle

A blog post by our COO Dr. Martyn Farrows on this week’s FTC workshop on COPPA.

Earlier this week, the Federal Trade Commission (FTC) in the US hosted a public workshop to explore whether to update the Children’s Online Privacy Protection Rule.

The COPPA Rule, which was originally enacted in 1998, imposes requirements on operators of websites and online services that are directed at children under the age of 13, or that may be collecting personal information from children.  

The Rule was already updated in 2013 to reflect changes in the way that children use the internet, including the increased use of mobile devices and social networking — in particular, by widening the definition of children’s personal information to include “persistent identifiers” such as cookies that track a child’s activity online, geolocation information, photos, videos, and audio recordings.

While still a relatively recent piece of legislation, COPPA continues to be the “gold standard” when it comes to a regulatory framework for protecting children’s digital rights. This was underlined recently in a $170M enforcement action against Google and YouTube for alleged violations. The FTC have signaled their intent to invest more resources into enforcement. The FBI have also become involved, issuing a public service announcement in September 2018 “encouraging public awareness of cyber threat concerns related to K-12 students.”

While the FTC generally applies a 10-year review cycle to its Rules, SoapBox Labs is happy to see this third review already underway with voice and edtech as key areas of focus. The constant and rapid evolution of the online world means that the adoption of voice technology is also being accelerated, and it’s of critical importance that children’s rights and protections move apace. The experience of GDPR in Europe will also be a new point of reference for the FTC — and, no doubt, there will be learnings on the child-specific protections from GDPR.

This week’s FTC workshop in Washington DC focused on the increased use of IoT devices, social media, educational technology, and general audience platforms hosting third-party child-directed content like YouTube.

From our point of view, as providers of kids speech recognition to the PreK-12 education market, the most interesting discussion centered around the increasing adoption of edtech and voice (for example, how the Rule should address consent in the future for education technology vendors that collect personal information from kids). 

As today’s EdSurge article on the topic explains, schools can currently consent as the parents’ agent when websites and technology platforms are collecting data that is educational in nature and not used for commercial purposes. The challenge now will be drawing a distinct line under what is considered commercial, or purely for the child’s benefit. 

SoapBox Labs will continue to follow these discussions closely, and we’ll do more by submitting our own views on potential updates and changes to COPPA during this comment period. We’ll also make our submission public and look forward to engaging with interested parties on it.

Here are the full proceedings of the workshop.

Share this