FTC Votes Unanimously to Release New COPPA Policy Statement and Proposed Amendments to the Endorsement Guides | #itsecurity | #infosec


On May 19, 2022, at an open commission meeting, the Federal Trade Commission (FTC) voted unanimously to: 1) release a new policy statement on the Children’s Online Privacy Protection Act (COPPA) indicating that the FTC will prioritize enforcement of COPPA’s substantive provisions and closely scrutinize EdTech providers; and 2) publish a request for public comment on proposed amendments to the Endorsement Guides (the guides) that are intended to bring them in line with current advertising practices. This was the first open commission meeting for Commissioner Alvaro Bedoya, whose confirmation on May 11 broke the FTC’s months-long 2-2 split along party lines.

Policy Statement Emphasizes Enforcement of Substantive COPPA Provisions, Scrutiny of EdTech Providers

The FTC’s new COPPA policy statement does not break new ground in its policy approach, but it does amplify the rhetoric against EdTech providers who use children’s data for commercial purposes and provides insight into the FTC’s current priorities with respect to COPPA. The statement indicates that the FTC will be prioritizing enforcement of COPPA’s substantive protections, including limitations on data collection, use, and retention, as well as data security requirements:

  • Collection limitations: Under COPPA, covered companies cannot require children to disclose more personal information than is reasonably necessary to participate in the activity for which the information is collected.
  • Use limitations: Covered EdTech providers that obtain parental consent through schools to collect children’s personal information can only use that information for the use and benefit of the school and for no other commercial purpose, including marketing or advertising.
  • Retention limitations: Covered companies cannot retain children’s personal information for longer than is necessary to fulfill the purpose for which it was collected.
  • Data security requirements: Covered companies must have procedures in place to protect the confidentiality, security, and integrity of children’s personal information. In the policy statement, the FTC makes clear that covered companies violate this requirement if they lack reasonable security, even absent a breach.

The policy statement also notes that the FTC will be closely scrutinizing EdTech providers’ compliance with these requirements, as the agency believes children’s privacy concerns are “particularly acute” in the school context. In addition to providing guidance to EdTech providers on the substantive COPPA provisions referenced above, the policy statement directs EdTech providers to review the FTC’s COPPA FAQs for additional guidance.

Republican Commissioners Christine Wilson and Noah Phillips both noted at the meeting that this policy statement is being issued despite the fact that the FTC has yet to complete its review of the COPPA Rule, a process the FTC initiated back in 2019. We expect that additional guidance on, or changes to, the COPPA Rule will come when the FTC completes that review process.

Proposed Amendments to Modernize the Endorsement Guides

The FTC’s proposed amendments to the Endorsement Guides are the outcome of the agency’s review of the guides initiated in early 2020. At the open meeting, FTC staff gave a presentation on the proposed amendments, which fall into five main categories: 1) outlining potential liability for different members of the endorsement ecosystem, including intermediaries and platforms; 2) updating Endorsement Guides definitions; 3) providing additional guidance on material connections; 4) providing additional guidance on consumer reviews; and 5) adding a section on endorsements and children.

Some notable takeaways regarding the proposed amendments include:

  • Platform liability: The proposed amendments serve as a warning to social media platforms that, in the FTC’s view, some of the tools they offer to facilitate disclosures of material connections by endorsers are inadequate and may open them and endorsers up to liability.
  • Fake reviews: The proposed amendments seek to clarify that fake reviews are prohibited under the Endorsement Guides, and that review suppression and similar practices that distort consumer reviews are prohibited.
  • Tags and virtual influencers can be covered: The proposed amendments clarify that tags in social media posts can be “endorsements” and virtual influencers (computer-generated fictional characters) can be “endorsers” covered by the guides.
  • Child-directed endorsements: The proposed amendments would also add a section to the Endorsement Guides acknowledging that endorsements directed to children may be of a special concern, and as a result, practices that would not ordinarily be questioned in ads directed at adults might be questioned if directed to children.

When discussing the proposed amendments at the open meeting, Chair Lina Khan said that compliance with the Endorsement Guides would not provide companies with a safe harbor when it comes to child-directed advertising. She argued that children under 13 are particularly at risk of being deceived by ads, and said that, although groups have called on the FTC to provide more guidance on advertising to children, the FTC lacks the record to provide that guidance at this time. Presumably for that reason, during the meeting, FTC staff announced that the FTC will be holding an event on October 19, 2022 on protecting children from stealth advertising in digital media. It is likely that the FTC will use that event to try to develop a record on child-directed advertising, which may inform further changes to the guides in the future.

Wilson Sonsini Goodrich & Rosati closely follows developments with regulatory organizations such as the FTC. For more information, or if you need assistance with regulatory compliance regarding children’s privacy, endorsements, or other privacy or consumer protection issues, please contact Maneesha Mithal, Kelly Singleton, Laura Ahmed, or another member of Wilson Sonsini’s privacy and cybersecurity practice.

Laura Ahmed, Maneesha Mithal, and Kelly Singleton contributed to the preparation of this Wilson Sonsini Alert.



Original Source link

Leave a Reply

Your email address will not be published.

thirty − twenty seven =