As fall rapidly approaches amid an unyieldingly high national COVID-19 caseload, the nation’s collective attention has increasingly turned to how to best manage the impending schooling crisis. Though the federal government’s approach to public schooling remains an open question for now, the two largest school districts in California (Los Angeles and San Diego) already announced they are going entirely virtual for the fall semester, and many more may soon be following their lead. These developments augur a truth many parents have been dreading for months: virtual learning and long days in front of the screen will be the “new normal” for many children into the foreseeable future. They also raise the question of whether the U.S. approach to children’s online privacy, the Children’s Online Privacy Protection Act (COPPA), supplemented in the educational context by the Family Educational Rights and Privacy Act (FERPA), will be able to withstand the additional pressures foisted upon them in this new era.
It is, therefore, fortuitous that the Federal Trade Commission (FTC) last year announced the commencement of its periodic “rule review” of COPPA. Though announced prior to the COVID-19 outbreak in the United States, the rule review remains open, providing an important opportunity for the Commission to incorporate into its revisions some lessons learned from the crisis so far. As part of its rule review, the FTC asked stakeholders to assess the general effectiveness of COPPA, individual provisions of the rule, and the efficacy of revisions made during the last rule review period in 2013. The App Association took advantage of the opportunity, filing comments that can be accessed here.
In general, the App Association advocates for the FTC to incentivize a more collaborative approach between platforms and children’s-app developers to ease the process of obtaining verifiable parental consent (VPC), a requirement under COPPA for any operator of a website or online service that collects, uses, or discloses the information of a child under 13 years of age. Because existing methods for obtaining VPC are so outdated and arduous, many creators of children’s-oriented websites and services have abandoned the sector or tinkered with their marketing to appear as a “general audience” product ostensibly patronized by non-child users and thus not subject to COPPA. The latter practice is fairly widespread and often brazen; companies such as YouTube and TikTok, who profit from popular accounts held and watched by users clearly under the age of 13, claimed general audience status, flouting COPPA and the FTC by ignoring their responsibility to obtain VPC. Though the FTC recently reached settlements with both companies, the fines they are required to pay pale in comparison from the benefits they accrued from ignoring the law.
Allowing innovative, modern approaches to the process of obtaining VPC could discourage such disingenuous practices, creating better outcomes for consumers and the FTC. Consumers would clearly benefit from a more robust marketplace of children’s-oriented websites and services that comply with the required consent process. But dissuading operators from recurrently evading COPPA through the general audience loophole would also free up much-needed FTC resources, allowing the Commission to move on to other pressing consumer protection issues.
The VPC issue takes on added significance during the current public health emergency. Prior to the COVID-19 outbreak, the Centers for Disease Control and Prevention (CDC) reported that children ages eight to 10 spent an average of six hours per day in front of a screen, while kids ages 11 to 14 spent an average of nine hours per day in front of a screen. Already startling, those numbers have likely skyrocketed during quarantine and the move to online education, meaning children are interacting with an increasing number of websites and services currently encouraged to unlawfully collect their personal information given COPPA’s existing structure and enforcement paradigm. While some of the EdTech products schools rely on to produce virtual learning content are FERPA and/or COPPA compliant, that is not always necessarily the case. At a time where many parents are fulfilling the twofold duties of caregiver and supplemental educator on top of their existing work duties, the FTC would do well to relieve parents of any extra detective duties by incenting as many children-directed websites and services to return to the COPPA fold as possible
Moreover, even if many of the additional websites and services children encounter through online education and increased screen-time did approach the current COPPA regime in good faith, the resulting avalanche of VPC documentation for parents to review would simply add yet another onerous task to juggle. There has to be an easier way for parents to consent to their child interacting with child-directed content than faxing forms or dialing into a call center. The App Association’s comment to the FTC raised a number of approaches that could help alleviate VPC burden, such as just-in-time notifications coupled with platform-level authentication of parents or guardians. While we appreciate the FTC’s recent updates to its COPPA FAQs, we urge the Commission to go further and to make much-needed statutory updates consistent with our recommendations as soon as practicable.
The fall semester is sure to be a turbulent period filled with trial, error, and innumerable headaches as policymakers, educators, and parents search for the appropriate balance in the education conundrum. Modernizing COPPA, especially the process of obtaining VPC, would go a long way towards eliminating at least one of the unnecessary stressors complicating these discussions. The App Association reiterates its call for the FTC to reform COPPA to meet the moment and address the new normal for kids online.