The Federal Trade Commission announced today that it will crack down on education technology companies if they illegally surveil children when they go online to learn. In a new policy statement adopted today, the Commission made it clear that it is against the law for companies to force parents and schools to surrender their children’s privacy rights in order to do schoolwork online or attend class remotely. Under the Children’s Online Privacy Protection Act, companies cannot deny children access to educational technologies when their parents or school refuse to sign up for commercial surveillance.
“Students must be able to do their schoolwork without surveillance by companies looking to harvest their data to pad their bottom line,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Parents should not have to choose between their children’s privacy and their participation in the digital classroom. The FTC will be closely monitoring this market to ensure that parents are not being forced to surrender to surveillance for their kids’ technology to turn on.”
The policy statement underscores that, even as companies across the economy become more aggressive in harvesting and monetizing individuals’ data, ed tech providers cannot do the same: Ed tech providers must comply fully with all provisions of the COPPA Rule. Today’s policy statement makes clear that the Commission will vigilantly enforce the law to ensure that companies covered under COPPA are complying with all of the rule’s provisions, including:
- Prohibitions Against Mandatory Collection: Companies cannot require children to provide more information than is reasonably needed for participation in an activity.
- Use Prohibitions: Ed tech providers that collect personal information from a child with the school’s authorization are prohibited from using the information for any other commercial purpose including marketing or advertising.
- Retention Limitations: Ed tech providers are prohibited from retaining children’s personal information for longer than is necessary to fulfill the purpose for which it was collected and therefore cannot keep such data just because they might want to use it in the future.
- Security Requirements: Ed tech providers must have procedures to maintain the confidentiality, security, and integrity of children’s personal information.
The policy statement notes that companies that fail to follow the COPPA Rule could face potential civil penalties and new requirements and limitations on their business practices aimed at stopping unlawful conduct.
The Commission voted 5-0 at an open meeting to adopt the policy statement. Chair Lina M. Khan as well as Commissioners Rebecca Kelly Slaughter, Christine Wilson and Alvaro Bedoya issued statements on the matter, which will be posted today.