Privacy & Security

Here’s What an Update of a Key U.S. Privacy Law Could Mean for Schools

By Alyson Klein — July 19, 2019 4 min read
  • Save to favorites
  • Print

In the era of YouTube, Fortnite, Snapchat, and more grown-up technology beloved by kids, does one of the main federal laws protecting online privacy for kids under 13 need a makeover?

That’s what the Federal Trade Commission, which oversees the Children’s Online Privacy Protection Act, or COPPA, wants to know. The agency made a recent move to begin considering a potential update of the rules that govern the law, putting out a call for comments on five broad questions that could potentially guide a revision to the rules governing the law.

“In light of rapid technological changes that impact the online children’s marketplace, we must ensure COPPA remains effective,” said Joe Simons, the chairman of the FTC, in a statement. “We’re committed to strong COPPA enforcement, as well as industry outreach and a COPPA business hotline to foster a high level of COPPA compliance.”

What exactly is COPPA? It is the law that requires operators of commercial websites, online services, and mobile apps to get permission from parents before gathering information about any child under the age of 13. The goal: To give parents more say over what type of information is collected about their children online.

Importantly, the law only applies to websites or apps that are aimed at kids, or have “actual knowledge” that their users are younger than 13. (Experts note that some companies go out of their way to try and avoid finding out that some of their users are younger than 13, so that they don’t have to follow COPPA’s requirements.)

The law essentially applies to companies, not school districts. (In fact, earlier this year, the FTC slapped the social-networking platform TikTok, with a $5.7 million fine for violating child online privacy laws.)

But ed-tech leaders and school officials have a stake here, too. The FTC, which enforces COPPA, has said that in some situations, schools can stand in for parents, essentially giving the OK for student data to be collected.

And that can get pretty complicated and murky. Companies often pass the burden of getting parental consent on to districts, which then either make decisions in lieu of parents, or spend a lot of time, money, effort, and energy in getting permission from individual parents for kids’ data to be shared. Much more in this great explainer on COPPA from my colleague, Ben Herold.

What kind of changes is the FTC exploring? The agency wants to know, essentially, if changes to technology over the past decade-plus since the law was passed necessitate an update to the rules that go along with it. They’ve asked for feedback on five questions that could help reshape a potential rule revision.

Why should school district officials care about possible changes? There are two big reasons, said Amelia Vance, the director of the education privacy project at the Future of Privacy Forum. First off: Right now, teachers often use apps and programs that aren’t necessarily aimed at kids, like Duolingo (a foreign language app), or the New York Times education products. For now, those companies may not have to comply with COPPA.

The FTC’s comment process opens up the possibility that the agency may become stricter with those companies, Vance explained. That means, among other potential new requirements, they might require companies to set up an “age gate,” asking if users are under 13 or fine companies if they would be easily able to find out if kids are using the platform but don’t.

And that could mean a huge sigh of relief for schools, Vance said.

“This could make it much easier for schools to use those general services and make sure those services are acting in a privacy protective way, as opposed to now where the burden is entirely on the school to make sure that these apps are protected as FERPA [Family Educational Rights and Privacy Act] and state laws require,” she said.

On the other hand? Among the five questions, the FTC wants to know if it should consider a specific exception to parental consent for the use of education technology used in the schools. If the agency ultimately decides not to go that route, schools may then have to work to get permission from parents before students can use a particular app.

That would likely lead to some serious administrative headaches for district officials, Vance said.

Calls to update COPPA are nothing new. In fact, child health, consumer, and privacy advocates have been calling for a makeover of the law since at least 2010. And in late 2017, the U.S. Department of Education and the FTC discussed the big issues in both COPPA and the Family Educational Rights and Privacy Act or FERPA.

What’s more, Sens. Edward Markey, D-Mass, and Josh Hawley, R-Mo., have introduced legislation that would require companies to comply with COPPA if their products are used by children 15 and under, not just 13 and under. And the bill expands the definition of which companies would be subject to the law, from those with “actual knowledge” to those with “constructive knowledge”, or presumed to have knowledge. (That’s likely a much bigger bucket).

Image: Getty

Related Tags:

A version of this news article first appeared in the Digital Education blog.