September 30, 2022

Volume XII, Number 273

Advertisement

September 29, 2022

Subscribe to Latest Legal News and Analysis

September 28, 2022

Subscribe to Latest Legal News and Analysis

September 27, 2022

Subscribe to Latest Legal News and Analysis

Legislators Ask COPPA Safe Harbor Organizations for Information

Children’s Online Privacy Protection Act (COPPA) enforcement actions closed out 2021 (see our blog post) and children’s online privacy remains a hot topic in Congress in 2022. After a series of articles by The Wall Street Journal last September uncovered Instagram’s own research on possible harms to teenagers from social media engagement, members of the Senate Commerce, Science, and Transportation Subcommittee on Consumer Protection, Product Safety, and Data Security questioned executives from Facebook (Instagram’s parent company) about children’s online safety. More recently, Representatives Kathy Castor (D-FL14) and Jan Schakowsky (D-Il09) turned their attention to COPPA Safe Harbor organizations. In a letter sent on January 7, 2022 to the Children’s Advertising Review Unit (CARU), Entertainment Software Rating Board (ESRB), iKeepSafe, kidSAFE, Privacy Vaults Online, Inc. (d/b/a PRIVO) and TRUSTe, Castor and Schakowsky requested details concerning the organizations’ compliance with the legal requirements of the COPPA Rule.

The COPPA Safe Harbor program is a statutory creation. See 15 U.S.C. § 6503. The concept is simple: it allows an operator (as defined by COPPA) to satisfy the requirements of COPPA by following a set of self-regulatory guidelines issued by representatives of the marketing or online industries or other persons and approved in accordance with the procedures set out in Section 6503(b). The title of that section – “Incentives” – conveys the objective of Congress to promote self-regulation when it comes to children’s privacy. Section 6503(b)(1) directs the Federal Trade Commission (FTC) to “provide incentives for self-regulation.” Section 6503(b)(2) establishes that one of those incentives is “Deemed Compliance.”

In short, businesses that fully adhere to an approved COPPA Safe Harbor program by demonstrating to the FTC that their program offers substantially the same or greater protections for children as those outlined in the COPPA Rule are deemed compliant with the COPPA Rule for enforcement purposes. Safe harbor organizations that fail to do an effective job can lose Safe Harbor status, which occurred last summer when one organization was dropped from the list.

Castor and Schakowsky’s letter includes a questionnaire that asks Safe Harbor organizations for a range of information, including documentation of all Safe Harbor advertising, descriptions of how each organization’s Safe Harbor program provides substantially the same or greater protections for children as those contained in the COPPA Rule, what their processes are for handling consumer complaints, and what disciplinary actions they take if member companies are found in breach of the COPPA Rule. The authors state that they “are also committed to exploring ways in which Congress can strengthen COPPA and the COPPA Rule” and ask the organizations for feedback on ways to improve the Safe Harbor program.

Representative Castor has previously weighed in on children’s privacy issues. Following policy changes made by several major tech companies in response to the UK’s stringent new children’s privacy rules that took effect last September, Castor, along with Senator Ed Markey (D-Mass.) and Representative Lori Trahan (D-MA03), cosigned a letter to the FTC in October urging the Commission to use “all its authority to ensure that these powerful companies comply with their new policies, to hold them accountable if they fail to do so, and to prioritize the protection of children’s and teen’s privacy.” That letter followed a similar request to the CEOs of Amazon, Facebook, Google, Snapchat, TikTok, and Twitter in June 2021.

It is useful to periodically benchmark progress and consider ways that self-regulation can be improved. In doing so, it is vital that legislators remain true to the intent clearly expressed by Congress to provide strong incentives for effective self-regulation of children’s privacy.

© 2022 Keller and Heckman LLPNational Law Review, Volume XII, Number 33
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Sheila Millar, Keller Heckman, advertising lawyer, privacy attorney
Partner

Sheila A. Millar counsels corporate and association clients on advertising, privacy, product safety, and other public policy and regulatory compliance issues.

Ms. Millar advises clients on an array of advertising and marketing issues.  She represents clients in legislative, rulemaking and self-regulatory actions, advises on claims, and assists in developing and evaluating substantiation for claims. She also has extensive experience in privacy, data security and cybersecurity matters.  She helps clients develop website and app privacy policies,...

202-434-4646
Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer
Partner

Tracy Marshall assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and...

202-434-4234
Advertisement
Advertisement
Advertisement