To view this email online, paste this link into your browser:
[link removed]





 

([link removed])

FTC Prioritizes COPPA Cybersecurity and Data Minimization Enforcement to Bolster Student Privacy

Student and children’s privacy laws have long been criticized for their lack of enforcement ([link removed]), but in an important step toward improving privacy for students and children and securing their data, the Federal Trade Commission (FTC) unanimously approved a policy statement ([link removed]) that makes clear the agency’s intent to prioritize enforcement of existing cybersecurity and data minimization requirements under the Children’s Online Privacy Protection Act (COPPA) ([link removed]). CDT welcomes the statement, which highlights the importance that education technology vendors meet their existing responsibilities under COPPA.

“The FTC’s policy statement underscores the importance of thoughtful data practices in protecting students’ privacy,” said CDT President & CEO Alexandra Givens. “Limitations on data collection, use, and retention are essential to protect individuals from privacy harms and cybersecurity risks. We applaud the FTC for its work to strengthen enforcement of children’s privacy requirements in the context of education technology, and particularly thank the Commissioners who championed data minimization as a vital component of this work. While this policy statement represents an important step forward, we also join the call for the FTC to complete its long-awaited review of the regulations that govern children’s privacy, and to align those reforms with the wider movement to protect everyone’s privacy at the federal level.”

Critically, the statement notes that “even absent a breach, COPPA-covered [education technology] providers violate COPPA if they lack reasonable security.” Strong cybersecurity protections are essential, as K-12 cyberattacks ([link removed]) are not only on the rise but increasingly aimed at the online services that COPPA covers. COPPA and its rules ([link removed]) already require online service providers to adopt “reasonable procedures to protect the confidentiality, security, and integrity” of children’s data, and the policy statement underscores that security must be a top priority. 

Further, the statement clarifies that COPPA’s privacy requirements will be enforced, particularly around data minimization, use limitations (for educational purposes), and retention limits. These requirements have long been part of COPPA, and CDT supports these increased enforcement efforts to help protect students online in the same way we expect them to be protected in the classroom.

For more information on this issue, see CDT’s previous call for the FTC to ensure that COPPA protects student privacy ([link removed]) and for Congress to bolster protections for children and teenagers by establishing robust privacy protections nationwide ([link removed]).

#CONNECT WITH CDT

DONATE ([link removed])

([link removed])

([link removed])

([link removed])

([link removed])





1401 K St NW Suite 200 | Washington, DC xxxxxx United States

This email was sent to [email protected].
To ensure that you continue receiving our emails,
please add us to your address book or safe list.

manage your preferences ([link removed])
opt out ([link removed]) using TrueRemove(r).

Got this as a forward? Sign up ([link removed]) to receive our future emails.
email powered by Emma(R)
[link removed]