FTC signals crackdown on ed-tech harvesting kid's data

Trade watchdog, and President, reminds that COPPA can ban ya


The US Federal Trade Commission on Thursday said it intends to take action against educational technology companies that unlawfully collect data from children using online educational services.

In a policy statement, the agency said, "Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools."

The agency says it will scrutinize educational service providers to ensure that they are meeting their legal obligations under COPPA, the Children's Online Privacy Protection Act.

"Students must be able to do their schoolwork without surveillance by companies looking to harvest their data to pad their bottom line," said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, in a statement. "Parents should not have to choose between their children’s privacy and their participation in the digital classroom."

The Federal Trade Commission voted 5-0 to adopt the policy statement, indicating that willingness to defend children's privacy extends across party lines – three of the FTC commissioners are Democrats and two are Republicans.

The White House issued a statement in support of the vote, which aligns with Biden administration statements calling for greater privacy protection.

"When children and parents access online educational products, they shouldn’t be forced to accept tracking and surveillance to do so," the White House said. "The FTC is making it clear that such requirements would violate the Children’s Online Privacy Protection Act, and that the agency will be cracking down on companies that persist in exploiting our children to make money."

COPPA took effect in April, 2000 and was amended in 2013. It applies to commercial websites and online services (including mobile apps and IoT devices) aimed at, or known to be used by, children under 13 that collect, use, or disclose personal information. It requires that such services provide notice of data use and obtain parental consent.

The FTC is signaling its intention to pay closer attention to COPPA violations but it hasn't been entirely ignoring the law. Over the past 22 years, the FTC has fined over two dozen companies for gathering data from minors without explicit parental consent.

The largest settlement disclosed came in 2019 when Google and YouTube agreed to pay $170 million to resolve allegations of COPPA violations. Also that year, TikTok also paid $5.7 million to settle charges that the app under its previous name Musical.ly, collected children's data without parental consent.

Unfortunately for adults, the US doesn't have a comprehensive federal privacy law like Europe's General Data Protection Regulation; rather, it has a patchwork of laws that, like COPPA, cover privacy in certain contexts. For example, the Health Insurance Portability and Accountability Act (HIPAA) covers communications between a person and other specific entities, like doctors, hospitals, and insurers. Another student-oriented privacy law is the Family Educational Rights and Privacy Act (FERPA), which covers how educational records are protected.

Outside the specific situations covered by these laws, or states like California that have broad privacy regimes, you're on your own when it comes to defending your data and protecting your privacy. ®

Broader topics


Other stories you might like

Biting the hand that feeds IT © 1998–2022