The following is new. I am considering it “COPPA (Law) 3.0” not to be confused with the Rule update in 2013.
The following was introduced 02/24/2015 by Sen. Menendez, Robert [D-NJ].
COPPA (Law) 3.0 is dead. I hope I’m wrong but lots of words and no enforcement isn’t going to help children.
I challenge the FTC and Congress to prove me wrong.
I had a brief conversion with a high level official at the FTC who manages the COPPA team. I asked why there are so few enforcement actions. The simple answer is that education (that is the FTC educating services and websites on the Rule and not public school education) has been a higher priority than enforcement. The full answer is a bit more complicated than that.
The big answer is that there are more investigations that we don’t hear of because there aren’t enforcement actions in those cases. This means more companies may be whacked over the nose with a newspaper instead of be hauled up by Commission for a a public flogging (with clever prose in the FTC press releases).
The next thing that comes in to play is that responsibility for COPPA enforcement shifted from the advertising unit to the Division of Privacy and Identity Protection in 2013. Because of the common “Ps” we might see higher enforcement (or at least education :() in the future.
The division estimates that that there have been 24 enforcement actions since 1999 which is about 1.6 per year compared to my tally of 1.2.
The new division and leadership went with education first because the new Rule (2.0) went in to effect at about the same time. This makes sense, however the actions are moving at about the same pace we’ve seen since the the new team took over.
It’s hard to tell where this leaves us. Maybe they’ll get frustrated with the wise-guys that have had a long time to be educated and conform but didn’t. I would welcome this and so would the fledgling companies that want to help protect kids with their services and technologies but they are stuck because the infinitesimal chance a potential client would get caught. We’ve seen this in SEC filings. The risk is acknowledged but right now they think it’s cheaper to ignore it and pay a fine. There’s been much ballyhoo about a crack down (which apparently we are in according to sources /snark) but what we’ve seen is peanuts in fines for those that have been busted. The money is nothing (especially if you divided it by the number of kids affected). The damage, if any is public embarrassment by a spanking the FTC gives them. No one has really gone under since the early days when the Commission targeted mom and pop sites that consented to go out of business instead of pay a fine.
I would like to see more enforcement actions. I think my complaints against YouTube and Twitter were solid but I guess they get time to be educated too.
The count-up counter on this site is at 191 days since the last enforcement action at the time this was written. That looks like status quo to me. I have never seen the Commissioners give any more than lip service about COPPA and some congressmen are more interested in “improving” COPPA with a 2.0 version (2.0 Law) without apparently being aware of how the current Law/Rule is malfunctioning. I think Congress is key to getting things fixed but that’s a hard radar to get on.
Meanwhile, let’s hope we see a shift towards more enforcement actions from the Commission’s Division of Privacy and Identity Protection.