A group of children’s advocates and academics have signed a joint letter organised by the 5Rights Foundation, calling on the US Federal Trade Commission (FTC) to prioritise the privacy and best interests of children in its review of the Children’s Online Privacy Protection Act Rule (COPPA Rule). The letter’s signatories include the Children’s Commissioners for England, Scotland, and Wales, UNICEF UK, members of the UK Children’s Charities’ Coalition on Internet Safety (CHIS), and the Rt Reverend Dr Steven Croft, Bishop of Oxford.
The COPPA Rule, which was primarily established to curb direct marketing at children, first went into effect in 2000 and was last revised in 2013. It limits the collection and processing of children’s data where verifiable parental consent has not been obtained, but its broader rules, definitions and limitations have shaped children’s experience of the digital environment all over the world.
The FTC typically reviews its rules every ten years, but ‘rapid technological changes’ have forced it to undertake an early review.
The letter is as follows:
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Joint letter on the COPPA Rule review
1 November 2019
Dear Chairman Simons, Commissioner Chopra, Commissioner Phillips, Commissioner Slaughter, and Commissioner Wilson,
We, the undersigned, are writing in reference to the Commission’s review of the COPPA Rule. We are a group of organisations based in the United Kingdom, with a particular interest in promoting children’s rights and welfare in the digital environment.
Whilst recognising that COPPA is a US Rule, its global impact on children is manifest, as they access and are accessed by online services that operate throughout the world, including in the UK. In light of this powerful impact, we feel bound to advocate on behalf of those children and to offer some of our collective thinking on the review.
First and foremost, we agree with the Commission that the Rule requires fresh consideration in light of recent and ongoing developments in technology. The dramatic increase in data collection online means that it has never been more important to ensure that children’s privacy protections are robust and enforceable. Given the continuing complexity and opacity with which data is processed, however, we suggest that the Commission considers using its authority under Section 6(b) of the FTC Act to ensure it has all the evidence it needs to conduct a thorough and thoughtful review.
We have been encouraged by the Commission’s recent action on COPPA, and the changes that have been implemented by the relevant companies as a result. We are also encouraged by the potential changes to the Rule implied by some of the review’s questions. In particular, we support including ‘inferred data’ in the definition of personal information, and we wish to underline the concern that the current provisions around services ‘directed to children’ do not adequately cover services that we know are accessed by significant numbers of child users. We would support the Commission in taking steps to improve the COPPA Rule’s provisions in these areas.
We have significant concerns, however, about the possibility of certain protections being withdrawn or weakened as part of the review. For instance, the potential relaxation of current restrictions on the collection of data from those viewing child-directed content could result in weaker protection of children’s data. Broadening exceptions to parental consent related to the use of edtech in schools could also threaten to expose student data to commercial use. We therefore urge the Commission to avoid amendments to the Rule that undermine its core function. Wherever the best interests of children conflict with the commercial interests of operators, the COPPA Rule must be unequivocal in its prioritisation and protection of the former.
Finally, in the UK and Europe, regulators are increasingly acknowledging that children require additional protections for their data, even where (on a general level) consent has been provided to process it. As digital technology becomes more and more embedded in children’s lives, parents must be supported by a regulatory regime in which companies share responsibility for protecting the data of their child users. The UK’s draft Age Appropriate Design Code, set to become law in the next few months, is one example of this more principles-based approach to children’s data protection, but it is consistent with a consensus that is emerging around the world. We would also note that the UK’s Code extends its protections (though not necessarily the need for parental consent) to all minors, not just under 13s. This challenges the status quo in which millions of young people aged 13-17 receive almost no specific data protection during some of the most vulnerable years of their lives.
We hope that any amendments to the COPPA Rule will build on this emerging consensus, and bolster, not weaken, children’s privacy in the US, the UK, and around the world.
Baroness Beeban Kidron OBE, Chair, 5Rights Foundation
Anne Longfield OBE, Children’s Commissioner for England
Sally Holland, Children’s Commissioner for Wales
Bruce Adamson, Children and Young People’s Commissioner Scotland
Koulla Yiasouma, Northern Irish Commissioner for Children
The Rt. Reverend Dr. Steven Croft, The Lord Bishop of Oxford
Professor Marina Jirotka, Director, Centre for Human Computing, University of Oxford
Carnegie UK Trust
The London School of Economics and Political Science
The Children’s Charities Coalition on Internet Safety – John Carr OBE (Secretary), Action for Children, Barnardo’s, Children England, The Children’s Society, Coram British Association for Fostering and Adoption, ECPAT UK, Kidscape, National Children’s Bureau, NSPCC, Stop It Now!
ReEnTrust - University of Nottingham, University of Oxford, and University of Edinburgh.
The Horizon Digital Economy Research Institute – University of Cambridge, University of Edinburgh, University of Exeter, Newcastle University, University of Nottingham, Royal College of Art, and Research Councils UK.