The Young and the Wireless: COPPA and the Internet of Things
Senator Mark Warner of Virginia recently sent a letter to the Federal Trade Commission (FTC) expressing concern over the potential explosion of collection, storage, and usage of children’s personal information in connection with the Internet of Things (IoT), including mobile apps and so-called “smart toys.”
In the letter, Senator Warner noted that the scope and duration of data collection is expanding rapidly, enabled by the falling cost of digital storage and internet connectivity, and “more and more Internet-connected devices are making their way into children’s hands.” Thus, seemingly simple everyday purchases—such as toys—could raise complex privacy and safety issues that consumers may struggle with or not fully comprehend.
In 2013, the FTC revised its Children’s Online Privacy Protection Act (COPPA) rule and broadened the definition of “personal information” to include persistent identifiers, geolocation information, photos, videos, and audio recordings. The increasing functionality and integration of mobile apps and connected products—coupled with their widespread use by children—could result in the pervasive collection of data, which is utilized to identify child users and otherwise falls within the scope of personal information.
It will be important to monitor how the FTC interprets and enforces its COPPA rule during the dawn of the IoT age. Issues for the FTC to mull include
the extent of its regulatory authority in this area;
whether IoT-specific legislation is appropriate;
the extent of parental control and consent regarding connected products;
whether devices and applications can be easily identified as directed to children; and
whether, absent extensive regulation, market participants will implement sufficient privacy and security measures for products across price points and lifespans.