On May 19, 2022, the Federal Trade Commission (FTC) adopted the “Policy Statement [ ] on Education Technology and the Children’s Online Privacy Protection Act (COPPA),” which calls for increased scrutiny for violations of COPPA by education technology companies. The FTC said in its statement:
The [FTC] is committed to ensuring that education technology (“ed tech”) tools and their attendant benefits do not become an excuse to ignore critical privacy protections for children. The [FTC]’s COPPA authority demands enforcement of meaningful substantive limitations on operators’ ability to collect, use, and retain children’s data, and requirements to keep that data secure. The [FTC] intends to fully enforce these requirements—including in school and learning settings where parents may feel they lack alternatives.
COPPA became effective in 2000, and was amended in 2013. However, since that amendment, technology has surpassed expectations and online data collection and monetization of data have skyrocketed. Now, during and post-pandemic, schools are using education tools for all levels and activities, and, in most cases, without any choice. Parents often question the education technology (ed tech) and online learning services, wondering how (and what) personal information is being collected, who it is being shared with, and how it is being used.
The FTC seeks to focus on ed tech providers’ compliance with COPPA related to:
-
Prohibitions against mandatory collection;
-
Use prohibitions;
-
Retention prohibitions;
-
Security requirements.
The FTC’s statement emphasizes that the burden for COPPA compliance is on the business, not on schools or parents. Importantly, the FTC notes that any agreements between schools and these ed tech companies must appropriately reflect that point.
The FTC said:
Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools. Going forward, the Commission will closely scrutinize the providers of these services and will not hesitate to act where providers fail to meet their legal obligations with respect to children’s privacy. To see the full statement, click here.