COPPA is the abbreviation for Children’s Online Privacy Protection Act. The bill – the U.S. law for protecting children’s online data – came into existence in 1998. It governs the way services and websites handle children’s data. The COPPA rule, which was enacted in 2000, dictates how the act must follow. Online services & websites for children under the age of 13 need parental consent. Before disclosing, collecting, and using user information, parental consent is required. The phrase ‘directed at children’ is crucial. That’s a straightforward way to ask for parental consent from children.
This bill was passed in the burgeoning days of the Internet to protect kid’s privacy online. It applies to websites geared towards children. The bill leaves the door open for social media organizations to argue with the wrong rules. But, even several social media companies agree that children lie about their age. The contrary beliefs go on and on. COPPA is decades old but is relevant now after the update in the bill.
Updation in the Bill
Rep. Kathy Castor (D-Fla.) did the honors by introducing the bill on Thursday. There have been amendments in the old law governing children’s privacy online. The renewal of the bill is an effort to build up attention on the issue from kid’s advocates and lawmakers. There are stringent rules around children’s online privacy. For non-compliance, the penalty is around $42,530 per violation per child, per day. As per the criticisms in recent years, it’s believed that the law hasn’t been enforced to the full extent. The Federal Trade Commission (FTC) keeps an eye on COPPA adherence. Agency must be strict with giant technology organizations violating the law. That’s what many believe!
The new bill asks the FTC to set a distinct division for youth privacy. With respect to that, the FTC briefed a long investigation. It was an interrogation on Google’s video streaming site YouTube in 2019. The outcome was a $170 million settlement as the response to the allegations. The ones who gathered illegal data had to suffer.
For instance, penalizing a local bakery a million dollars causes cessation. But, if you fine Google a million dollars with a warning not to misbehave, they can pay it over and over again. They won’t restructure a thing.
In September 2019, the most newsworthy case came into origin. The FTC along with YouTube profited by gathering children’s personal data settled with Google. There was a charge of $170 million over allegations on them. After the largest settlements in COPPA to date, critics said it was weaksauce. The FTC pulled back the curtains and didn’t go far enough to amend new rules for accountability. The FTC allowed Google to hook off with a petty fine and a set of fresh requirements. These requirements are not enough to make YouTube a healthy and secure place for kids. For the last 22 years, since COPPA became law, the FTC has invited comments thrice on the bill. One time in 2005, then 2008 and the recent in 2010.
After many comments on the bill in 2010, the FTC revised the bill. The revision was to provide parents and children more control over their privacy. The information couldn’t be gathered without consent. It extends to those covered by COPPA, including third parties among varied changes.
COPPA is a well-made law but not understood very well by many people. Linnette Attai spent 12 years in the privacy of NIckelodeon before founding PlayWell. It’s a consultancy agency for student’s and children’s privacy. The issue is whether companies self-identify as a service-geared towards children. It happens usually with non-traditional children’s organizations that work as service providers. They work in the children’s space as startups and struggle from time to time. That’s why they don’t understand the intent of the law. Instead, they put the practices into place for better implementation.
In 2008, Tim Tobin (Hogan Lovells attorney) spoke for SONY BMG. It was the time when FTC investigation was held for COPPA violations. This case came up with the largest settlement to date at that time i.e. $1 million. He agreed that the terms establishing your website under the COPPA act is vital. Not following the privacy rules becomes the reason for infringement. For this, the FTC outlines all the attributes that qualify a website in its FAQs. The checklist includes subject matter that features –
- Visual content
- Presence of child celebs
- Music and other audio content
According to Tobin, there’s a thin line that must be drawn. For instance – If you’re into animation, you might create unique stuff. You might be unsure whether it’s child-focused or not. Sometimes, it’s difficult to understand where the line has to be drawn. There’s room for interpretation here.
Websites and services are not recognizing that they’re child-directed. It’s a pitfall in which companies fall quite often. For this, organizations must go for the ‘totality of circumstances’ test.
COPPA applies when you look, feel, smell and act as if you’ve created a website for kids under the age of 13. To eradicate such consequences, updations in the bill were made. Organizations run into legal trouble. Because they don’t monitor their third-party vendors. It’s known as ‘third-party footprint’.
Organizations are responsible for their own compliance. Privacy and security with due diligence is the main aim under COPPA. Under COPPA, there’s a standard called ‘actual knowledge’. You need to gain actual knowledge of your website. Find out whether it’s directing towards children or gathering kid’s data. Who is the intended audience? When vendors don’t have the actual knowledge, it becomes a liability. Under COPPA, you must be diligent and put controls in place. Make sure you follow the regulations.
Future of Children’s Online Privacy Protection Act (COPPA)
Looking further, COPPA will amend again. It’s difficult to say when, where and how. As per the recent public comments by the FTC, the current calling is to change the age of the children under COPPA. The change is the need of the hour. The age must change from 13 yrs to 16 yrs.
EU’s sweeping privacy law treats anyone under the age of 16 as a minor. Many say that it’s the best approach for the U.S as well. It’s the gold seal privacy law. Again, there have to be many changes from an FTC rulemaking perspective. More changes at the margins are required. Federal legislation needs to broaden the age among many other factors.
The industry has been calling for clear rules on privacy for many years now. It seems that the EU is about to take punitive measures against the U.S. for the failure to establish the rules. Recently, the EU invalidated the privacy shield. It’s the data mechanism for moving data from the EU to the U.S. That’s the second type of agreement invalidated by the EU. With the Democrats taking control, there’s a suspicion of bringing transformation. But, there’s a big undertaking coming for alignment. This is to help everyone to get aligned as per the Act.
The Children’s Online Privacy Protection Act is long overdue for improvisations. It’s important to protect teens from deceptive online ads and digital manipulation. It’s especially for children who spend too much time online. Some social media companies tried their best to get ahead in the line by asking for separate acts. They say that there must be stricter policies and limited online ads. YouTube Kids, Facebook’s Messenger Kids and Instagram’s products are still controversial.
Organizations are working on making these products and services safe for children. New policies for the main photo-sharing app on Instagram are announced. As per the rule, new accounts of teens under the age of 16 yrs will go into private mode by default. It will limit ad targeting for users under the age group of 18. But, the rules are not enough for a few lawmakers. Because children are still addicted to newer technology. Regulating authorities are also searching for the solution to online addiction among kids.
The future of COPPA will cover the following questions –
- How does the development of business models harm children?
- How does it change the way children and parents use online services?
- How will the Act address parental consent for children?
- How are third party vendors going to gather information?
- Whether the modifications made before were amended?
- What more should the Act include?
The right knowledge will save you from the consequences. Knowledge about the law and how to protect your data is important. The ones gathering personal data of children under 13 yrs must be aware. Make sure you create protection around that data.