In a new policy statement, adopted last week, the Federal Trade Commission made clear that companies that provide educational software and online services to students must comply with the Children's Online Privacy Protection Act (COPPA). Under COPPA, companies cannot deny children access to educational technologies when their parents or school refuse to sign up for commercial surveillance. The FTC policy statement notes that data collection has become more extensive and ad targeting more sophisticated, while education technology has become more prominent in the COVID era. That combination could make children vulnerable to data privacy violations if ed tech companies try to skirt COPPA.
The policy statement called out specific COPPA provisions that ed tech companies should pay especially close attention to:
- Prohibitions Against Mandatory Collection: Companies cannot condition participation in a given activity on a child disclosing more information than is reasonably necessary for the child to participate in that activity. The policy statement uses the collection of email addresses as an example: if you don't need to email students, don't condition access to schoolwork on a student providing their email address.
- Use Prohibitions: Ed tech companies cannot use student's personal information, collected with a school's authorization, for commercial purposes, including marketing or advertising. They can only use the information for the purpose for which it was collected.
- Retention Limitations: Companies can only keep children's personal information for as long as is required to fulfill the purpose for which the information was collected. They cannot retain child data for speculative future potential uses.
- Security Requirements: Companies must have procedures to maintain the confidentiality, security, and integrity of children's personal information.
The policy statement said that the FTC will "closely scrutinize" ed tech providers to ensure they are complying with COPPA and "will not hesitate to act" against those who are not. Companies that fail to follow COPPA could face potential civil penalties and limitations on their business practices aimed at stopping unlawful conduct.
This alert provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.