TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

United States Privacy Digest | Notes from the IAPP, May 27, 2022 Related reading: Notes from the IAPP, May 20, 2022


Greetings from Portsmouth, New Hampshire.

We are beginning to wrap up the school year, which means we're scrolling through online portals to nudge kids to complete assignments, catching last-minute notes from teachers about those assignments and of course, peeking at grades. 

Not for the first time since the pandemic started, we've thought about how these platforms are using the kids' information. Are they squirreling it away somewhere, is it being sold to third-party vendors? And then, because there have been so many other things to deal with during the last two years, those questions have quietly been pushed to the back of our minds.

Those questions bubbled back up after the recent U.S. Federal Trade Commission vote to adopt a policy "regarding increased scrutiny and focus on Children's Online Privacy Protection Act violations involving education technology companies." While the vote doesn't change the agency's interpretation of the Children's Online Privacy Protection Act, it does offer some guidance. In case you missed it, IAPP Staff Writer Joe Duball has the details on the vote in The Privacy Advisor. 

Earlier this week, The Washington Post shared the results of an international study conducted by advocacy group Human Rights Research that found educational tools used by students during the pandemic may have tracked and shared their information at an alarming scale. The group looked at 164 educational applications and websites in 49 countries and found that "90 percent of the educational tools were designed to send the information they collected to ad-technology companies."

“Children,” lead researcher Hye Jung Han wrote, were “just as likely to be surveilled in their virtual classrooms as adults shopping in the world’s largest virtual malls.”

The Human Rights Watch identified Schoology, a learning app used by more than 20 million U.S. students, may contain code that "would have allowed it to extract a unique identifier from the student’s phone ... that marketers often use to track people across different apps and devices and to build a profile on what products they might want to buy." According to WaPo, the group could not identify which data may have been collected. At the moment, the research has been released to a select numbers of outlets, but the group has promised to reveal the full results of the study within the coming weeks. 

On the legislative front the California Age-Appropriate Design Code Act passed the California Assembly by a vote of 66-0. The Senate has until Aug. 31 to advance the bill. If passed and signed into the law, it would go into effect Jan. 1, 2024. It is modeled after the U.K. Children's code and contains provisions for children's data protection and limits to online exposure for minors under age 18.

The California legislature also advanced the Social Media Platform Duty to Children Act May 24 to the Senate and is pending a committee referral. This bill would impose on an operator of social media sites, a duty not to addict child users and would "prohibit a social media platform from addicting a child user by ... certain means, including the use or sale of a child user’s personal data." The act imposes a civil penalty fine of up to $25,000 per violation. 

As always, we'll keep you up to date on these happenings.

On a separate note, it has been a difficult week here in the U.S. The senseless killing of 19 children and two adults at Robb Elementary School in Uvalde, Texas, weighs heavily as we begin the long weekend and wrap up the school year. It's OK to not be OK right now. Be safe.


If you want to comment on this post, you need to login.