COPPA was originally enacted by Congress in 1998, requiring the FTC to issue and enforce regulations concerning children’s online privacy. COPPA is intended for parents to control what information if collected from their children. The law applies to (1) operators of commercial websites and online services (including mobile apps) directed at children under 13 years old, (2) operators of general audience websites who have actual knowledge that they are collecting, using, or disclosing personal information from children under 13, and (3) websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed at children.
Under COPPA, covered entities are prohibited from collecting personal information from children without properly disclosing how the information will be used to parents. In 2012, the FTC clarified COPPA rules by requiring verifiable consent from parents before collecting data that could be used to identify or locate a child. The information that covered entities do collect must also remain secured and protected.
In April 2018, a coalition of over 20 consumer advocacy and privacy groups filed a complaint with the FTC, alleging that YouTube had been violating COPPA for years by illegally collecting and profiting off of children’s data. The complaint further alleged that YouTube has skirted COPPA by claiming that it does not have a child audience.
News reports and a letter from two Members of Congress to the CEO of Google indicated that the FTC met with the consumer advocacy and privacy groups about their complaint but did not take any official action in response to the groups’ allegations.
The spotlight continued to shine on COPPA compliance this month, when Senators Edward J Markey and Richard Blumenthal issued a letter asking the FTC to investigate whether children’s apps are improperly collecting personal data and if app stores are misleading consumers by labeling these apps as “child-friendly.”
This news comes in the wake of recent reports and research surrounding data sharing of nearly 6,000 free children’s Android apps, finding that more than half shared data in ways that could violate COPPA. In their letter to the FTC, the senators are asking for examination of the apps and the advertising agencies working with them to see if they are violating COPPA.
The Senator’s letter cited an article discussing the personal information collected on multiple children’s apps, including precise location and tracking ID numbers being sent to outside companies. The article also addressed a law suit filed in New Mexico, accusing a children’s app, along with online ad businesses, for violating children’s privacy laws. The New York Times also discovered apps on various app stores were labeled appropriate for children but sent personal data without verifiable parental consent.
With social media platforms on the hot seat in regards to the dissemination of consumers’ personal information, it is only logical that other online services (e.g. mobile apps) be placed under scrutiny as well. It is becoming increasingly easier for apps and websites to collect and share consumers’ personal information. With such sensitive information readily available, Congress is becoming more convinced that they cannot become complacent in their oversight of these laws. This action shows that consumer privacy, especially children’s privacy, is of great importance to Congress as they attempt to navigate this new wave of technology. Further, in a year filled with data privacy concerns, Congress is hoping this move will show progress in an uncharted yet advanced industry.