FTC Issues Policy Statement Emphasizing to the Ed Tech Industry That Children Shouldn’t Have To Surrender Their Privacy Rights To Learn
Recent Developments Prompting Call for Guidance
COPPA applies to website operators that either target children under 13 or have actual knowledge that children under 13 are providing personal information. Since its enactment, the FTC has made a conscious effort to update COPPA so that it is in tune with society. In 2013, the FTC expanded COPPA to address the growing use of mobile devices, apps, and social networking. It also expanded the rule to hold third parties operating child directed sites and collecting children’s personal information accountable. Now, according to the FTC, two developments premised its recent Policy Statement on Education Technology and COPPA (Policy Statement): (1) the introduction of ed tech devices in the classroom; and (2) the ever-growing technologies that monetize personal information collection. Although the ed tech industry has offered innovative online learning solutions in light of the ongoing pandemic, amassing benefits that allow students to learn from the comfort of their own homes in the spirit of safety, the increasingly rigorous collection of children’s data stirs questions about children’s privacy and what information these companies are collecting. Said another way, the ongoing pandemic has produced an unprecedented immersion of learning, technology, and children’s privacy rights in the school and other educational settings.
The Policy Statement
As the FTC has always maintained that child-targeted platforms are covered entities under COPPA, this Policy Statement serves as a reminder that these rules apply not just to mobile games and websites with cartoons, but also to ed tech platforms that collect information from children for educational purposes.
In setting forth the recent Policy Statement, the FTC focuses on a few areas: (1) limitations on use of personal information collected from children under 13 with the school’s authorization for any commercial purpose, including marketing or advertising, (2) retention limitations, including that personal information should not be kept for longer than is necessary to fulfill the purpose for which it was collected, and (3) security requirements. All of these requirements apply to all entities covered by COPPA. That said, with more ed tech being used in the classroom with permission often being granted by school authorities on behalf of parents, this is a strong reminder that the rules still apply and that additional limitations apply as well.
Additionally, the Policy Statement warns against forcing students to disclose information through mandatory collection tactics. Thus, COPPA-covered companies should also avoid denying children access to ed tech when or if they refuse to sign up for commercial surveillance. These companies should also avoid illegally surveilling online learning as the FTC explicitly stated that it plans to “crack down” on illegal surveillance of children learning online. In short, according to the FTC, children should not have to surrender their privacy rights to learn.
The Policy Statement is a warning and reminder to all website operators collecting information from children under 13, and especially ed tech companies, with the FTC indicating that a “crack down” is on the horizon. While the FTC previously enforced COPPA in connection with child-directed mobile apps, including those with an educational focus, many viewed past enforcements as action taken on personal use of websites and technologies geared to children. This recent Policy Statement reminds website operators that the rules also apply in the school context. Please find the Policy Statement here. If you have any questions, please contact Eva Pulliam, Christine Chong, Destiny Planter, or the ArentFox Schiff professional who usually handles your matters.
- Related Practices