Over the last few years, there has been an increased focus on the collection of children’s personal information in the United States. For example, many states have begun passing laws that significantly increase regulation for businesses collecting personal information from children, see our previous discussion on California’s Age-Appropriate Design Code Act. Additionally, at the federal level, the Federal Trade Commission (FTC) has increased its focus on the Children’s Online Privacy Protection Act (COPPA), specifically in the educational context.
Once again, California is setting trends in the world of privacy laws. On September 15, 2022, California’s Governor signed the first comprehensive state law to protect children’s online safety. A week later, on September 23, 2022, the New York Senate introduced a similar bill.
New York’s newly introduced Bill, S9563, the Child Data Privacy and Protection Act (“Bill”), largely mirrors the newly passed California law but has some added protections and procedures that online products targeting children must follow if the law is enacted. …
Continue Reading From Coast to Coast: New York Introduces New Bill Aiming To Enhance Protections For Children Online a Week After California Enacts Similar Law
Last week, the California Legislature passed Assembly Bill 2273: the California Age-Appropriate Design Code Act (“CAADCA”). CAADCA is an online safety bill, which contains unique privacy requirements to protect minors under the age of 18.
Covered Businesses: Covered businesses under the bill include any “business,” as defined by the California Consumer Privacy Act, “that provides an online service, product, or feature likely to be accessed by children.” This means that if your company conducts business in California and (a) has an annual gross revenue of more than $25 million; or (b) alone or in combination, buys, receives for commercial purposes, sells, or shares for commercial purposes the personal information of more than 50,000 consumers, households, or devices; or (c) derives 50% or more of its annual revenue from selling consumers’ personal information, then you will need to evaluate whether your products or services must also address CAADCA requirements.
Continue Reading Child’s Play: Latest California Bill Creates Significant Increase in Regulation for Covered Businesses Collecting Personal Data of Children
As we discussed before, educational institutions are closing campuses and are meeting legal obligations to educate their students by conducting online schooling. Now, some school districts across the country are banning teachers from using Zoom for online schooling during the COVID-19 pandemic due to security and privacy issues surrounding the videoconferencing app. Reported cases of classroom “Zoombombings” included an incident where hackers broke into a class meeting and displayed a swastika on students’ screens, which led the FBI to issue a public warning about Zoom’s security vulnerabilities. New York City School District and Nevada Clark Public Schools disabled Zoom access, while schools in Utah and Washington State are reassessing its use at the time of this posting.
The Children’s Online Privacy Protection Act (“COPPA”) governs an online operator’s collection of personal information from children, i.e., those under 13 years of age. Generally, the act requires verifiable parental consent before an online operator may collect a child’s “personal information,” a term that the rule broadly defines. Verifiable parental consent is not easy to obtain, but it has been simplified, per the FTC’s guidance, for operators collecting online information in partnerships with schools.
Verifiable Parental Consent
The general rule…
Continue Reading Simplifying Classroom Consent: the FTC’s Guidance on COPPA in Schools