Much of the focus at the U.S. Federal Trade Commission's "Future of the COPPA Rule" workshop focused on the misconceptions surrounding the nearly two-decades-old rule. Panelists at the event Monday sought to shed some light on the Children's Online Privacy Protection Act: what it is — and perhaps more importantly — what it isn't. The workshop is part of the
"The ability of a strange person to contact and communicate with a child is not the same as an advertisement appearing when they watch a show. We must recognize that," Phillips said. "What's more, focusing on the possibility of harm and discounting completely the promise of technology seems the wrong course to me."
Phillips used education technology as an example of why there should be careful consideration of any potential changes. Many have decried edtech vendor's collection and retention of data, but Phillips said those tools support children's development while aiding teachers and parents in educating children.
"Just because we are talking about privacy and just because we are talking about kids, more regulation is not necessarily better, including for kids," Phillips said. "COPPA is all about empowering parents and protecting kids. You should keep that in mind."
Phillips also highlighted the timing around COPPA's creation may have driven some of the misconceptions around the law today. Equity Matters Principal Samantha Vargas Poppe said there has been a sizable demographic shift since it was put into law at the turn of the century. Poppe cited a report from the U.S. Census Bureau that found 2018 was the first year in which the majority of children under the age of 15 were children of color.
Poppe said while the COPPA's mission is to protect all children equally, time has found it has not been equipped to do so. She added COPPA was born in a "generation of one-size-fits-all legislation." It may do the job when considering children in the abstract; however, Poppe said the online experience differs greatly on a personal level, and hopefully an updated COPPA can take the difference into consideration.
"It hasn’t done a good job of including a focus on the fact that different populations and an increasingly multicultural population of youth have different experiences that influence their decisions," Poppe said. "More recent discussions in privacy have touched on this, and I challenge everyone to bring that into these debates while they are thinking about how to strengthen this rule and make it work better to protect kids."
While COPPA has been around for quite some time, there is still a level of uncertainty about what it actually covers. Common Sense Media's Ariel Fox Johnson, CIPP/US, said one COPPA fallacy she often hears is that it contains a flat prohibition on collecting children's personal data.
"These misconceptions show the gap between what consumers expect from COPPA and what COPPA is actually doing," Johnson said. "While COPPA does have some flat prohibitions on use, it’s been primarily enforced as a notice-and-consent statute, and I think at this point consumers are looking for more."
Perhaps adding to common misconceptions about COPPA is the extent to which the burden is placed on consumers in terms of the law's efficacy. Cambridge Public Schools Chief Information Officer Steve Smith said the balance of responsibility to make responsible decisions about "consent" for companies to collect children's data has been shifted too heavily on parents.
For example, Smith said, attendees of the FTC's workshop yesterday were still working to understand just how much children's data is collected throughout the digital ecosystem, and most of them work in the field. To ask parents to make an informed decision on consent may be a bridge too far to cross.
"I think there’s a misconception that parents are well informed enough to make a good decision about consent. I’d say the majority of them are not in a position to make a well-informed decision," Smith said.
Future of Privacy Forum Senior Counsel & Director of Education Privacy Amelia Vance said too many people treat COPPA as an "umbrella" that covers everything from data collection to whether apps have the proper privacy and security protocols in place. Vance hopes the review can help shift the perception of the law from a savior of sorts to an important part of a larger puzzle.
"Nobody quite knows exactly what [COPPA] actually is. Getting down to the nitty-gritty and maybe not seeing COPPA as a one size fits all, but as a piece of the ecosystem is something I hope we see more moving forward," Vance said.