The Federal Trade Commission yesterday released its updated FAQs clarifying the amended rule implementing the Children’s Online Privacy Protection Act (COPPA) released in December, 2012. Included are several clarifications long championed by SIIA regarding the intersection of COPPA and children’s online activities in the school setting.
For those not familiar, in short, COPPA requires parental consent under certain conditions for the online collection of personal information from children under age 13. SIIA has long supported this important law for helping protect children’s privacy and safety, and has also worked with the FTC and other stakeholders to ensure COPPA implementation does not bring inappropriate or unintended consequences that limit technology innovation and the user experience.
According to the new COPPA FAQ:
- “COPPA does not preclude schools from acting as intermediaries between operators and parents in the notice and consent process, or from serving as the parent’s agent in the process of collecting personal information online from students in the school context.”
- “COPPA does not apply where a school has contracted with an operator to collect personal information from students for the use and benefit of the school, and for no other commercial purpose.”
These provisions are important to minimize the barriers to student access to instructional technologies and digital learning within the school context. Both extend on the role of schools as trusted agents of student learning, privacy and safety, including that governed by the Family Educational Rights and Privacy Act (FERPA) as well as by Acceptable Use Policies (AUPs) signed between parents and schools. They help provide for student’s seamless access to online teaching and learning opportunities in the timely manner needed to address their educational needs under the guidance of their teacher and school, and governing local school board policies. The alternative of requiring parental consent in each case would present a significant administrative barrier, potentially put certain students at an educational disadvantage when consent cannot be secured in a timely manner, and would often leave students and teachers unable to take advantage of a “teachable moment.”
While the continuation of these school provisions is welcome, the updated FAQs do include some new guidance that will require further analysis and consideration. For example, the FTC guidance now requires that: “. . . the operator must provide the school with full notice of its collection, use, and disclosure practices, so that the school may make an informed decision.” And the FTC separately describes what information a school “should” seek from an operator, including “What are the operator’s data retention and deletion policies for children’s personal information?”
SIIA members can review a more detailed summary and analysis on new COPPA regulations and guidance. [Updated May 9, 2013]
SIIA looks forward to working further with public officials, families, educators and digital learning providers to ensure that children have access to critical online learning opportunities and applications in an appropriately safe and secure manner. This includes SIIA’s ongoing work around FERPA (the Family Educational Rights and Privacy Act), which governs educational institutions and agencies through the U.S. Department of Education and is referenced in the COPPA FAQ.
Mark Schneiderman is Senior Director of Education Policy at SIIA.