FTC Proposes Long-Anticipated Changes to COPPA Rules

By Christopher S. Schuster, Counsel, and Managing Member

For the first time since 2012, the Federal Trade Commission (FTC) published a series of proposed revisions to the Children’s Online Privacy Protection Act (COPPA) Rules. The proposed changes reflect the FTC’s commitment to adapting the pertinent regulations to the evolving online landscape and technological advancements, especially within the EdTech space. The full text of the Notice of Proposed Rulemaking is available here.

Of particular note:

• The proposed rules would implement strict data retention and deletion requirements emphasizing that covered entities may only retain personal information for the specific purpose for which it was collected. Covered entities would be required to publicly post their data retention policies.

• The proposed rules would expand the definition of personal information to include biometric identifiers. The notice also seeks additional comments regarding the inclusion of avatars generated from a child’s image and whether inferred data should be included in the definition of personal information.

• The proposed rules also require notice and consent for engagement-enhancing techniques, including push notifications.

SIGN UP TO READ additional insights on

the proposed changes and RECIEVE UPdates on developments

We encourage all EdTech companies to provide feedback on these extensive changes during the 60-day public comment period. CSS will continue monitoring developments and provide additional guidance on the impact of these revisions. Please provide your information to receive the additional highlights.