Children’s Online Privacy Protection Act

Over the last few years, there has been an increased focus on the collection of children’s personal information in the United States. For example, many states have begun passing laws that significantly increase regulation for businesses collecting personal information from children, see our previous discussion on California’s Age-Appropriate Design Code Act. Additionally, at the federal level, the Federal Trade Commission (FTC) has increased its focus on the Children’s Online Privacy Protection Act (COPPA), specifically in the educational context.

Continue Reading Children’s Online Privacy Protection Act Update! FTC Enforcement and New Parental Consent Proposal

Once again, California is setting trends in the world of privacy laws. On September 15, 2022, California’s Governor signed the first comprehensive state law to protect children’s online safety. A week later, on September 23, 2022, the New York Senate introduced a similar bill.

New York’s newly introduced Bill, S9563, the Child Data Privacy and Protection Act (“Bill”), largely mirrors the newly passed California law but has some added protections and procedures that online products targeting children must follow if the law is enacted.
Continue Reading From Coast to Coast: New York Introduces New Bill Aiming To Enhance Protections For Children Online a Week After California Enacts Similar Law

Last week, the California Legislature passed Assembly Bill 2273:  the California Age-Appropriate Design Code Act (“CAADCA”).  CAADCA is an online safety bill, which contains unique privacy requirements to protect minors under the age of 18.

Covered Businesses:  Covered businesses under the bill include any “business,” as defined by the California Consumer Privacy Act, “that provides an online service, product, or feature likely to be accessed by children.”  This means that if your company conducts business in California and (a) has an annual gross revenue of more than $25 million; or (b) alone or in combination, buys, receives for commercial purposes, sells, or shares for commercial purposes the personal information of more than 50,000 consumers, households, or devices; or (c) derives 50% or more of its annual revenue from selling consumers’ personal information, then you will need to evaluate whether your products or services must also address CAADCA requirements.
Continue Reading Child’s Play: Latest California Bill Creates Significant Increase in Regulation for Covered Businesses Collecting Personal Data of Children

As we discussed before, educational institutions are closing campuses and are meeting legal obligations to educate their students by conducting online schooling. Now, some school districts across the country are banning teachers from using Zoom for online schooling during the COVID-19 pandemic due to security and privacy issues surrounding the videoconferencing app.  Reported cases of classroom “Zoombombings” included an incident where hackers broke into a class meeting and displayed a swastika on students’ screens, which led the FBI to issue a public warning about Zoom’s security vulnerabilities. New York City School District and Nevada Clark Public Schools disabled Zoom access, while schools in Utah and Washington State are reassessing its use at the time of this posting.

Amid the raised safety concerns, Zoom responded and advised schools to protect video calls with passwords and to lock down meeting security with currently available privacy features in the software. On March 18, 2020, Zoom added a privacy policy specific for K-12 schools and districts stating that it is “designed to reflect our compliance” with student privacy laws and also posted best practices for teachers to use.

Continue Reading COVID-19 Bulletin: ZOOM Challenges Provide Timely Reminder about Need for Diligence in Managing Privacy and Security and Student Data

The Children’s Online Privacy Protection Act (“COPPA”) governs an online operator’s collection of personal information from children, i.e., those under 13 years of age.  Generally, the act requires verifiable parental consent before an online operator may collect a child’s “personal information,” a term that the rule broadly defines.  Verifiable parental consent is not easy to obtain, but it has been simplified, per the FTC’s guidance, for operators collecting online information in partnerships with schools.

Verifiable Parental Consent
The general rule
Continue Reading Simplifying Classroom Consent: the FTC’s Guidance on COPPA in Schools