Editor & Publisher Jeff Brown.
According to a December 9 press release from the Attorney General's office, Michigan Attorney General Dana Nessel and a bipartisan group of 24 other Attorneys General urged the Federal Trade Commission (FTC) to strengthen its rules prohibiting websites, mobile applications, and other digital marketing companies from collecting and using the personal information of children under the age of 13.
“My colleagues and I have come together to provide meaningful suggestions to strengthen the Children’s Online Privacy Protection Act rule which would benefit Michigan’s children through enhanced privacy measures,” said Nessel. “To ensure that we’re keeping up with the ever-changing landscape of technology, fortifying the walls between young children and those looking to prey on them is crucial.”
While numerous websites and mobile applications collect personal information from users – including geolocation information, browser histories, search histories, and voice recordings – since 1996, the Children’s Online Privacy Protection Act (COPPA) has prohibited collecting this data from children under 13. This according to the press release.
In their letter, the Attorneys General ask the FTC to expand its definition of personal information to include items such as faceprints used to unlock cellphones, health data from internet-connected smart watches, and kids’ genetic information.
The Attorneys General also recommend that the FTC crack down on companies who embed code in children’s mobile applications and collect data to target children with behavioral advertising; and to examine how the rules apply to school-issued laptops that are “free” so long as companies get to collect information from the students using them.
Furthermore, the Attorneys General assert that the FTC should not create exceptions to the rule such as allowing platforms that host both child-directed and general audience content to work around COPPA’s requirements. As stated in the press release.
Per the press release, Nessel joins the Attorneys General of Connecticut, Delaware, the District of Columbia, Idaho, Illinois, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Minnesota, Mississippi, Nebraska, Nevada, New Mexico, New York, North Carolina, Oregon, Pennsylvania, Tennessee, Vermont, Virginia, and Washington in submitting this letter.
Dear Acting Secretary Tabor, On behalf of the Attorneys General of New Mexico, Connecticut, Delaware, the District of Columbia, Idaho, Illinois, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Nevada, New York, North Carolina, Oregon, Pennsylvania, Tennessee, Vermont, Virginia, and Washington (“the States”), we submit the following comments as requested by the Federal Trade Commission (“the Commission”)1 on its implementation of the Children’s Online Privacy Protection Act, 15 U.S.C. § 6501 et seq. (“COPPA”), through regulations codified at 16 CFR part 312 (“the COPPA Rule”). Under 15 U.S.C. § 6504, State Attorneys General are authorized to bring actions under COPPA as parens patriae in order to protect their citizens from harm. As partners with the FTC in ensuring COPPA is enforced and children are protected, the States possess a unique and important perspective on how effective the COPPA Rule has been, the fundamental values and protections it upholds, and what improvements should be made. A. General Questions for Comment 1. Is there a continuing need for the Rule as currently promulgated? Why or why not? Yes, though the Rule should be strengthened significantly as recommended herein. Technology by its nature evolves quickly, and any statutory scheme designed to regulate 1 See 84 FR 35842 (July 25, 2019). 2 technology must necessarily be flexible enough to adapt to the market while maintaining enough regulatory strength to accomplish its purpose. In the COPPA context, this flexibility is achieved through the use of regulations like the COPPA Rule. If COPPA is to continue to accomplish its purpose, the COPPA Rule must both continue to exist and continue to evolve to meet the needs of a rapidly-changing data landscape. More fundamentally, COPPA (and thereby the COPPA Rule) exists to protect children. Parental consent requirements like those found in COPPA are a reflection of society’s collective belief that because children are more susceptible to deception and exploitation than adults, children are deserving of added legal protections. In the online context, that means no one should be allowed to extract information from a child and use that information to profile and track that child without the express informed consent of that child’s parent or legal guardian, regardless of the market value of doing so. Senator Richard Bryan, the primary author of COPPA, stated it this way: Parents do not always have the knowledge, the ability, or the opportunity to monitor their children's online activities, and that is why Web site operators should get parental consent prior to soliciting personal information. The legislation that Senator McCain and I have introduced will give parents the reassurance that when our children are on the Internet they will not be asked to give out personal information to commercial Web site operators without parental consent.2 The internet has only grown more embedded, and more inextricably intertwined in citizens’ lives over the last twenty years, not less. As more and more of our lives are lived online, and as digital tools make their way into our schools and into our lives at ever-earlier ages, rules like the COPPA Rule must continue not only to exist, but grow and adapt to ever-changing regulatory landscapes. 4. How many small businesses are subject to the Rule? On the digital platform side, almost none. The five largest digital platforms (Google/Alphabet, Facebook, Amazon, Apple, and Microsoft) are among the largest and most valuable companies on Earth. These five companies alone exceed more than $4 trillion in market capitalization, 3 pull in $100 billion in profit annually,4 and are under increasing scrutiny for engaging in anticompetitive behavior.5 These large digital platforms are under scrutiny in part 2 S. 2326: Children’s Online Privacy Protection Act of 1998, Hearing before Senate Subcommittee on Communications, S. Hrg. 105-1069, at 4 (Sept. 23, 1998). 3 Zingales, et al., Stigler Committee on Digital Platforms: Policy Brief, Chicago Booth Stigler Center for the Study