coppa news


The following is new. I am considering it “COPPA (Law) 3.0” not to be confused with the Rule update in 2013.

The following was introduced   02/24/2015 by Sen. Menendez, Robert [D-NJ].

S. 547 “To establish a regulatory framework for the comprehensive protection of personal data for individuals under the aegis of the Federal Trade Commission, to amend the Children’s Online Privacy Protection Act of 1998 to improve provisions relating to collection, use, and disclosure of personal information of children, and for other purposes.”
This is COPPA  (Law) 2.0 trying to come back to life after dying in committee. COPPA 2.0 expanded a law (COPPA 1.0) that wasn’t being enforced. If you want to protect children you should pass a bill or speak to the Commissioners to find out why there are so few enforcement actions then get the FTC to get their hands dirty. The FTC told me that the Commission has averaged 1.6 enforcement actions per year since the turn of the century. Mine estimate is lower probably due to the time between when the law was passed and when enforcement began.
The kitchen sink is present in this bill. Maybe that’s good. Maybe it will protect kids. But adding words, new restrictions and punishments does not help kids and less it is there are more prosecutions. The Commission has told me they are working to educate sites as their top priority. That’s great but the best way to get a lot of sites and services to wake up to COPPA is show them a significant number of enforcement actions.
The risk of COPPA enforcement actions are like fish in a barrel. The difference is, no one is shooting at the barrel or noodling any fish. It just sits there confident in not hitting the fry pan.

COPPA (Law) 3.0 is dead. I hope I’m wrong but lots of words and no enforcement isn’t going to help children.

I challenge the FTC and Congress to prove me wrong.

Email this to someoneShare on FacebookTweet about this on TwitterShare on Google+Share on TumblrDigg thisFlattr the authorShare on RedditShare on StumbleUponBuffer this page

I had a brief conversion with a high level official at the FTC who manages the COPPA team. I asked why there are so few enforcement actions. The simple answer is that education (that is the FTC educating services and websites on the Rule and not public school education) has been a higher priority than enforcement. The full answer is a bit more complicated than that.

The big answer is that there are more investigations that we don’t hear of because there aren’t enforcement actions in those cases. This means more companies may be whacked over the nose with a newspaper instead of be hauled up by Commission for a a public flogging (with clever prose in the FTC press releases).

The next thing that comes in to play is that responsibility for COPPA enforcement shifted from the advertising unit to the Division of Privacy and Identity Protection in 2013. Because of the common “Ps” we might see higher enforcement (or at least education :() in the future.

The division estimates that that there have been 24 enforcement actions since 1999 which is about 1.6 per year compared to my tally of 1.2.

The new division and leadership went with education first because the new Rule (2.0) went in to effect at about the same time. This makes sense, however the actions are moving at about the same pace we’ve seen since the the new team took over.

It’s hard to tell where this leaves us. Maybe they’ll get frustrated with the wise-guys that have had a long time to be educated and conform but didn’t. I would welcome this and so would the fledgling companies that want to help protect kids with their services and technologies but they are stuck because the infinitesimal chance a potential client would get caught. We’ve seen this in SEC filings. The risk is acknowledged but right now they think it’s cheaper to ignore it and pay a fine. There’s been much ballyhoo about a crack down (which apparently we are in according to sources /snark) but what we’ve seen is peanuts in fines for those that have been busted. The money is nothing (especially if you divided it by the number of kids affected). The damage, if any is public embarrassment by a spanking the FTC gives them. No one has really gone under since the early days when the Commission targeted mom and pop sites that consented to go out of business instead of pay a fine.

I would like to see more enforcement actions. I think my complaints against YouTube and Twitter were solid but I guess they get time to be educated too.

The count-up counter on this site is at 191 days since the last enforcement action at the time this was written. That looks like status quo to me. I have never seen the Commissioners give any more than lip service about COPPA  and some congressmen are more interested in “improving” COPPA with a 2.0 version (2.0 Law) without apparently being aware of how the current Law/Rule is malfunctioning. I think Congress is key to getting things fixed but that’s a hard radar to get on.

Meanwhile, let’s hope we see a shift towards more enforcement actions from the Commission’s Division of Privacy and Identity Protection.

Email this to someoneShare on FacebookTweet about this on TwitterShare on Google+Share on TumblrDigg thisFlattr the authorShare on RedditShare on StumbleUponBuffer this page

March 2019
« Oct    
25262728293031 | Your Link to the Law