PHOENIX – In a letter sent to the Federal Trade Commission (FTC) this week, Attorney General Mayes and a bipartisan coalition of state attorneys general urged the federal government to update and strengthen the rules technology companies must follow under the federal Children’s Online Privacy Protection Act (COPPA).
“A rapidly evolving technology landscape requires updated rules and strategies for keeping children safe online,” said Attorney General Mayes. “With America's youth increasingly facing harm and privacy risks fueled by technology, it's critical the FTC strengthen COPPA to provide stronger protection for children and teens online.”
This is necessary, because the rules governing online privacy protections for children up to age 13 have not been updated in over a decade. At the same time, the digital world has evolved rapidly — with smartphones, social networks, and connected devices becoming an even greater part of our lives.
Congress enacted COPPA in 1998 for the purpose of giving parents more control over information collected online from their children. The legislation directed the FTC to establish regulations for operators of websites or online services regarding how they collect, use, and share personal information of children under 13 years of age.
The FTC is proposing changes to the COPPA Rule that would place new restrictions on the use and disclosure of children’s personal information and further limit the ability of companies to condition access to services on monetizing children’s data. The proposal aims to shift the burden from parents to providers to ensure that digital services are safe and secure for children. The attorneys general coalition wants the FTC to strengthen the amendments it’s proposing to the COPPA rules.
Among other things, the attorneys general are urging the FTC to expand the definition of “personal information” to include biometric identifiers such as fingerprints, retina and iris patterns, a DNA sequence, and data derived from voice data, gait data, and facial data, as well as avatars generated from a child’s image and likeness.
The attorneys general also ask the FTC to adopt a comprehensive framework for determining whether services qualify for a proposed parental consent exception, and to prohibit operators from abusing the multiple-contact exception in COPPA with engagement-maximizing push notifications.
By statute, both the FTC and state attorneys general are empowered to enforce COPPA. Since the COPPA Rule became effective, state attorneys general, on their own and in partnership with the FTC, have pursued multiple actions for violations of the COPPA Rule.
Late last year, Attorney General Mayes and other state attorneys general sued Meta, the parent company of Facebook and Instagram, for violations of state consumer protection laws and COPPA. The complaint alleges Meta knowingly designed and deployed harmful features on Instagram and its other social media platforms that purposefully addict children and teens. All the while, Meta falsely assured the public that these features are safe and suitable for young users. The case is on-going.
Led by the attorneys general of Oregon, Illinois, Mississippi and Tennessee, with assistance from Colorado, Connecticut, Massachusetts, New Jersey, and North Carolina, the comment letter to the FTC regarding amendments to COPPA was joined by Attorney General Mayes and the attorneys general of Alabama, Alaska, Arkansas, California, Delaware, District of Columbia, Florida, Georgia, Hawaii, Indiana, Kentucky, Maine, Maryland, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Mexico, New York, Ohio, Oklahoma, Pennsylvania, Puerto Rico, Rhode Island, South Carolina, South Dakota, Utah, Vermont, U.S. Virgin Islands, Virginia, Washington, and Wisconsin.