Digital Discourse / Archives for COPPA

SIIA Supports COPPA’s Extension of Schools as Consent Providers

April 26, 2013 By

The Federal Trade Commission yesterday released its updated FAQs clarifying the amended rule implementing the Children’s Online Privacy Protection Act (COPPA) released in December, 2012. Included are several clarifications long championed by SIIA regarding the intersection of COPPA and children’s online activities in the school setting.

For those not familiar, in short, COPPA requires parental consent under certain conditions for the online collection of personal information from children under age 13. SIIA has long supported this important law for helping protect children’s privacy and safety, and has also worked with the FTC and other stakeholders to ensure COPPA implementation does not bring inappropriate or unintended consequences that limit technology innovation and the user experience.

According to the new COPPA FAQ:

  • “COPPA does not preclude schools from acting as intermediaries between operators and parents in the notice and consent process, or from serving as the parent’s agent in the process of collecting personal information online from students in the school context.”
  • “COPPA does not apply where a school has contracted with an operator to collect personal information from students for the use and benefit of the school, and for no other commercial purpose.”

These provisions are important to minimize the barriers to student access to instructional technologies and digital learning within the school context. Both extend on the role of schools as trusted agents of student learning, privacy and safety, including that governed by the Family Educational Rights and Privacy Act (FERPA) as well as by Acceptable Use Policies (AUPs) signed between parents and schools. They help provide for student’s seamless access to online teaching and learning opportunities in the timely manner needed to address their educational needs under the guidance of their teacher and school, and governing local school board policies. The alternative of requiring parental consent in each case would present a significant administrative barrier, potentially put certain students at an educational disadvantage when consent cannot be secured in a timely manner, and would often leave students and teachers unable to take advantage of a “teachable moment.”

While the continuation of these school provisions is welcome, the updated FAQs do include some new guidance that will require further analysis and consideration. For example, the FTC guidance now requires that: “. . . the operator must provide the school with full notice of its collection, use, and disclosure practices, so that the school may make an informed decision.” And the FTC separately describes what information a school “should” seek from an operator, including “What are the operator’s data retention and deletion policies for children’s personal information?”

SIIA members can review a more detailed summary and analysis on new COPPA regulations and guidance. [Updated May 9, 2013]

SIIA looks forward to working further with public officials, families, educators and digital learning providers to ensure that children have access to critical online learning opportunities and applications in an appropriately safe and secure manner. This includes SIIA’s ongoing work around FERPA (the Family Educational Rights and Privacy Act), which governs educational institutions and agencies through the U.S. Department of Education and is referenced in the COPPA FAQ.

Mark SchneidermanMark Schneiderman is Senior Director of Education Policy at SIIA.

Share|
Filed Under: Data-Driven Innovation, Ed Tech Government Forum, Education, Education Policies, Education Policy, Personalized Learning, Policy, Policy - Privacy Tagged With: , , , , , ,

COPPA Rulemaking Goes Far Beyond Congressional Intent; Will Harm American Innovation

September 24, 2012 By

SIIA today filed comments with the Federal Trade Commission regarding its notice of proposed rulemaking on the Children’s Online Privacy Protection Act (COPPA). SIIA expressed significant concern that the FTC is creating a burdensome regulatory framework that goes well beyond congressional intent.

The FTC’s proposed COPPA rulemaking takes the effort to protect online privacy and turns it into a harmful barrier to American innovation. For years, we’ve worked closely with industry and government to advance online privacy and security. We’re confident that, with smart regulation and public-private cooperation, both the goal of protecting online privacy of children and the goal of business innovation can be served. Unfortunately, what we’re currently seeing from the FTC is an overly broad and unworkable regulatory framework for implementing COPPA.

To read SIIA’s full comments, please click here. In its comments, SIIA states:

“We are supportive of the goals of the Commission to protect children from third-party plug-ins, social networks and any other third party service that collects personal information.

“However, the inappropriately broad expansion of the statute’s definition of personal information, combined with the increasingly broad definitions of ‘operator’ and ‘web site or online service directed to children’… create a broad regulatory framework that dramatically exceeds the scope of COPPA and will most certainly stifle innovative Internet-based offerings-not just for sites and services directed at children under 13, but much more broadly.”

SIIA addresses six specific areas of concern:

1. Expansion of “Personal Information” to include persistent identifiers creates an unworkable regulatory construct.

2. Modification to the rule’s definition of “operator” is overly-broad, and it places an unworkable responsibility on operators of sites and services well beyond the scope of COPPA.

3. Proposal to make third parties qualify as “operators” under COPPA by creating a “reason to know” standards is an inappropriately broad expansion of the statute and impractical.

4. Requirement for operators of “child-friendly mixed audience sites” to take an affirmative step to attain actual knowledge of child users would inappropriately expand the scope of COPPA.

5. Application platforms should not be characterized as “operators” under COPPA, but the Revised NPRM leaves this unclear.

6. The broad regulatory construct proposed in the Revised NPRM is likely to challenge application of COPPA to Internet-based educational materials and services.

Ken WaschKen Wasch is President of SIIA.

Share|
Filed Under: Policy, Policy - Privacy Tagged With: ,