FTC to vote on COPPA enforcement in edtech
May 16, 2022
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
FTC to Vote on Prioritization of COPPA Enforcement in EdTech
As part of its tentative agenda for a May 19 open meeting of the Commission, the FTC announced that it would vote on a policy statement to prioritize enforcement of the Children’s Online Privacy Protection Act in education technology, specifically making clear that parents and schools must not be required to sign up for surveillance as a condition of access to learning tools.
WHY IT MATTERS
The FTC resolved last fall to focus its enforcement efforts on eight core priority areas over the next ten years, one of which was harmful conduct directed at children under 18.
President Biden supported this sentiment with comments in his State of the Union address in March that “it’s time to strengthen privacy protections, ban targeted advertising to children, demand tech companies stop collecting personal data on our children.”
The FTC has also received pressure from U.S. Senate Democrats asking for prohibitions on targeting children.
BEDOYA CONFIRMED TO FTC
The U.S. Senate voted 51-50 to confirm Alvaro Bedoya’s appointment to the Federal Trade Commission, giving Democratic Commissioners a 3-2 majority on the FTC. Bedoya will fill the vacant seat left by Rohit Chopra when Chopra became the Director of the Consumer Financial Protection Bureau. Bedoya will serve the remainder of Chopra’s seven-year term expiring September 26, 2026.
WHY IT MATTERS
Bedoya is a privacy expert and advocate whose research has focused on the potential harms of algorithmic bias and surveillance technologies. He has been openly critical of Big Tech’s power over Congress and state legislatures when it comes to data privacy. Consumer advocacy groups have been pushing for his confirmation in hopes of expediting measures to address big tech and algorithmic bias.
Greece DPA Sends Warning Letters to 30 Websites for Non-Compliant Consent Practices
The Greece Data Protection Authority issued letters to 30 websites in response to observations that the method of obtaining consent for the use of trackers by the websites was not compliant with the DPA’s recommendations.
Specifically, the DPA found that: users were not able to reject consent with the same number of actions, and at the same level, as their ability to consent to trackers and that buttons and fonts for such actions were not of the same size, tone and color to offer the same ease of reading.
The DPA recommended that cookie banners should display “Disagree” or “Reject” options rather than “Agree” and “More Options” and that the “Agree” button should not be highlighted with a color that favors that choice.
Websites receiving letters were given 15 days to comply, and the DPA said they may impose sanctions in case of non-compliance.
WHY IT MATTERS
These recommendations from the DPA are consistent with recommendations and enforcement actions we’ve seen in other jurisdictions, including sanctions against Google by the French Data Protection Authority and notices to Google and other media houses from the Hamburg Data Protection Authority, ultimately causing Google to add a “reject all” button to its cookie consent banners.
The UK Information Commissioner’s Office (ICO) later issued a statement applauding the change and adding that the ICO expects to see the online advertising industry follow Google’s lead.
UK Queen’s Speech Announces Data Reform Bill
The 2022 Queen’s Speech included a statement that “The United Kingdom’s data protection regime will be reformed”. No further detail was provided in the speech, but the Data Reform Bill will reportedly be published in the Summer as part of a wider package of data protection reforms, and the UK government will reportedly be publishing, in the coming weeks, its response to the data protection consultation conducted last autumn.
See last week’s A Little Privacy Please for an assessment of the background and potential impact of the UK data reforms.
NAI Issues User Choice and Transparency Best Practices Guide
The Network Advertising Initiative, a self-regulatory association for the digital advertising industry, issued “Best Practices for User Choice and Transparency“, to help companies avoid dark patterns that make it difficult for users to exercise user choice.
WHY IT MATTERS
The NAI’s Best Practices guide and the Code of Conduct that it supplements are not law, although it has been an increasing focus at the legal level. As the guide points out, California and Colorado privacy laws include prohibitions of certain dark patterns in the context of data collection consent, and dark patterns have been a focus of both California’s and Colorado’s pre-rulemaking information gathering sessions. In Europe, prohibitions on the use of dark patterns was included in the EU Digital Services Act, and the European Data Protection Board recently published guidelines on dark patterns in social media.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
Mozilla rolled out a new default function, "Total Cookie...
Privacy for America, a coalition that includes several ad...
An always up-to-date reference sheet for US state privacy...
Latest White Papers
How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.