On May 19, the Federal Trade Commission (“FTC”) adopted, on a unanimous basis, a policy statement reminding educational technology vendors (“ed tech vendors”) of their duty to comply with the substantive privacy protections of the Children’s Online Privacy Protection Act (“COPPA”) and the Commission-issued COPPA Rule. The policy statement reiterates the requirements of the Rule and previous informal guidance from Commission staff, and makes clear that ed tech vendors may not submit children to commercial surveillance and data monetization practices when using technology in the classroom.
The FTC’s COPPA Rule, which became effective in 2000 and was most recently amended in 2013, is intended to place parents in control over the information collected from their children online. A major component of the Rule is that commercial online operators must (1) provide parents with notice of data collection and (2) obtain parental consent before the collection of personal information of children under age 13.
Recognizing the unique benefits of ed tech, the new policy statement reminds ed tech vendors that their compliance with the Rule extends beyond the notice and consent requirement. Specifically, the FTC intends to scrutinize the activities of ed tech vendors in the following areas: