Children’s Online Privacy Protection Act of 1998

Amidst all of the recent news and developments about the privacy of kids and teens (including multiple Congressional hearings; Frances Haugen’s testimony; enactment of the UK’s and California’s Age Appropriate Design Codes; the Irish DPC’s GDPR decision against Instagram; numerous bills in Congress; and the FTC’s ongoing focus on kids’ privacy in policy statements, workshops, and its “commercial surveillance” rulemaking), the FTC still has a powerful tool that seems to be sitting on the back-burner: the Children’s Online Privacy Protection Act (COPPA) and its implementing rule.

But some members of Congress just wrote a letter to the FTC, asking it to make COPPA a priority.

Background on COPPA 

As most of our readers know, COPPA protects the privacy of kids under 13, mostly by requiring kid-directed web sites or apps, or sites/apps that have actual knowledge they’re dealing with kids, to get parental permission before collecting, using, or sharing kids’ data.  Enacted in 1998, COPPA is now nearly 25 years old, a dinosaur in today’s fast-moving world of privacy.  However, using the APA rulemaking authority granted in COPPA, the FTC has amended its COPPA rule to ensure that it keeps pace with developments – for example, extending the rule to ad networks and plug-ins; adding geolocation, persistent identifiers, photos, and videos to the definition of “personal information”; and strengthening the rule’s requirements governing data security, retention, and deletion.

However, those updates to COPPA became final in 2013 – almost ten years ago – and the FTC hasn’t amended the rule since then.  Although the FTC initiated a rule review in July 2019, that review is still pending more than three years later. According to Regulations.gov, the Commission received over 176,000 public comments in the rule review.  That’s a lot of comments, but it surely can’t explain such a lengthy delay.
Continue Reading Congress to FTC: “Please Update the COPPA Rule Now”

Since Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998, the regulatory wall between kids and teens has been a remarkably durable one. During all this time, COPPA, the primary U.S. law protecting kids’ privacy, has protected children under 13 but hasn’t provided any protections for teens. While California’s privacy law

The FTC’s most recent COPPA enforcement action, announced on June 4 with app developer HyperBeard, provides evidence of an ongoing debate within the Commission about privacy harm and the role of monetary relief in the agency’s privacy enforcement program.  Specifically, Commissioner Noah Phillips voted against the settlement with app developer HyperBeard and two corporate officers,

Last week, True Ultimate Standards Everywhere, Inc. (“TRUSTe”) agreed to pay the New York Attorney General (“NYAG”) a $100,000 penalty, and beef up privacy measures, to settle alleged violations of the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501-6506 (“COPPA”). The Federal Trade Commission (“FTC”) is authorized to issue rules under COPPA,