Students in Georgetown’s IPR Tech & Communications Clinic today filed comments with the FTC as part of the agency’s hearing on Competition and Consumer Protection in the 21st Century: The FTC’s Approach to Consumer Privacy.
“While the Children’s Online Privacy Protection Act (COPPA) is intended to protect the privacy of children under age 13, it is no longer up to the task.
“COPPA’s underlying assumption is that parents will be able to protect their children’s privacy if companies give notice of their privacy practices and do not collect personal information until unless the parent gives consent. But this no longer works. Most parents do not read privacy policies, and even if they do, many do not provide the information needed for informed consent.
Given the unprecedented amount of data being collected, the sophistication of data mining techniques, and the lack of transparency, most people lack a sufficient understanding of scope of the data collected and how it could be used. Moreover, because the FTC has not effectively enforced COPPA, many companies feel free to ignore COPPA’s requirements.”
The clinic’s comment elaborates the many ways in which new technologies have made it harder to protect children’s privacy in the 20 years since the Children’s Online Privacy Protection Act (COPPA) was enacted. Digital technologies have become a pervasive presence in the life of children and teens, and massive-scale data-mining and other techniques have made “informed consent” an unworkable regime to protect users’ privacy.
The comment notes shortcomings in the FTC’s current enforcement of COPPA, arguing that the FTC rarely brings enforcement actions under COPPA even though many companies fail to comply with COPPA requirements. It urges the FTC to make public the information provided by “safe harbor organizations”, which exist to certify compliance with COPPA but often do not rigorously enforce their guidelines.
The comment argued that new legislation is also needed:
“New legislation, such as the bi-partisan Markey-Hawley bill, is needed to address COPPA’s short comings.
Any legislation must include developmentally-appropriate protections for teens, because COPPA only covers children under age 13. The legislation should also prohibit practices that may be harmful to children, rather than requiring parents to read and try to understand the impact of multiple privacy policies.
“Until such legislation is passed, however, the FTC can and should do more to better protect children’s privacy. Specifically, we urge the FTC to undertake more enforcement actions, to enforce COPPA’s notice requirements, and to fix problems with the COPPA safe harbor program.”
The IPR Tech & Communications Clinic has for decades been one of the most active watchdogs tracking enforcement of children’s privacy laws.
In December 2018, the clinic filed a complaint with the FTC requesting an investigation into whether Google's marketing of apps directed to children in the Google Play Store violates the FTC Act’s prohibition on deceptive and unfair practices.
In October 2018, the clinic partnered with the Institute in hosting the conference “COPPA at 20: Protecting Children’s Privacy in the Digital Age.”
The FTC’s hearing is part of an extensive series of hearings the FTC is convening on Competition and Consumer Protection in the 21st Century. The agency’s opening hearing took place at Georgetown Law in September 2018. Georgetown faculty and fellows have testified at a number of the hearings, including the April 9-10 FTC hearing on consumer privacy in association with which today’s comments were filed.
You can read the clinic’s full comment here.