FTC to vote on COPPA enforcement in edtech

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

FTC to Vote on Prioritization of COPPA Enforcement in EdTech

As part of its tentative agenda for a May 19 open meeting of the Commission, the FTC announced that it would vote on a policy statement to prioritize enforcement of the Children’s Online Privacy Protection Act in education technology, specifically making clear that parents and schools must not be required to sign up for surveillance as a condition of access to learning tools.

WHY IT MATTERS

The FTC resolved last fall to focus its enforcement efforts on eight core priority areas over the next ten years, one of which was harmful conduct directed at children under 18.

President Biden supported this sentiment with comments in his State of the Union address in March that “it’s time to strengthen privacy protections, ban targeted advertising to children, demand tech companies stop collecting personal data on our children.”

The FTC has also received pressure from U.S. Senate Democrats asking for prohibitions on targeting children. 

BEDOYA CONFIRMED TO FTC

The U.S. Senate voted 51-50 to confirm Alvaro Bedoya’s appointment to the Federal Trade Commission, giving Democratic Commissioners a 3-2 majority on the FTC. Bedoya will fill the vacant seat left by Rohit Chopra when Chopra became the Director of the Consumer Financial Protection Bureau. Bedoya will serve the remainder of Chopra’s seven-year term expiring September 26, 2026. 

WHY IT MATTERS

Bedoya is a privacy expert and advocate whose research has focused on the potential harms of algorithmic bias and surveillance technologies. He has been openly critical of Big Tech’s power over Congress and state legislatures when it comes to data privacy. Consumer advocacy groups have been pushing for his confirmation in hopes of expediting measures to address big tech and algorithmic bias. 

EUROPE

Greece DPA Sends Warning Letters to 30 Websites for Non-Compliant Consent Practices

The Greece Data Protection Authority issued letters to 30 websites in response to observations that the method of obtaining consent for the use of trackers by the websites was not compliant with the DPA’s recommendations.

Specifically, the DPA found that: users were not able to reject consent with the same number of actions, and at the same level, as their ability to consent to trackers and that buttons and fonts for such actions were not of the same size, tone and color to offer the same ease of reading.

The DPA recommended that cookie banners should display “Disagree” or “Reject” options rather than “Agree” and “More Options” and that the “Agree” button should not be highlighted with a color that favors that choice.

Websites receiving letters were given 15 days to comply, and the DPA said they may impose sanctions in case of non-compliance. 

WHY IT MATTERS

These recommendations from the DPA are consistent with recommendations and enforcement actions we’ve seen in other jurisdictions, including sanctions against Google by the French Data Protection Authority and notices to Google and other media houses from the Hamburg Data Protection Authority, ultimately causing Google to add a “reject all” button to its cookie consent banners.

The UK Information Commissioner’s Office (ICO) later issued a statement applauding the change and adding that the ICO expects to see the online advertising industry follow Google’s lead. 

UK Queen’s Speech Announces Data Reform Bill

The 2022 Queen’s Speech included a statement that “The United Kingdom’s data protection regime will be reformed”. No further detail was provided in the speech, but the Data Reform Bill will reportedly be published in the Summer as part of a wider package of data protection reforms, and the UK government will reportedly be publishing, in the coming weeks, its response to the data protection consultation conducted last autumn. 

See last week’s A Little Privacy Please for an assessment of the background and potential impact of the UK data reforms. 

INDUSTRY

NAI Issues User Choice and Transparency Best Practices Guide

The Network Advertising Initiative, a self-regulatory association for the digital advertising industry, issued “Best Practices for User Choice and Transparency“, to help companies avoid dark patterns that make it difficult for users to exercise user choice.

Among other best practices, the guide recommends making opt-in and opt-out options look visually similar and equally accessible, avoiding “trick language”, double negatives and manipulative strategies to influence consent, and not burying opt out mechanisms in a privacy policy or other similar document. The guide also includes general explanations of certain laws and regulations and an appendix with relevant enforcement actions.

WHY IT MATTERS

The NAI’s Best Practices guide and the Code of Conduct that it supplements are not law, although it has been an increasing focus at the legal level. As the guide points out, California and Colorado privacy laws include prohibitions of certain dark patterns in the context of data collection consent, and dark patterns have been a focus of both California’s and Colorado’s pre-rulemaking information gathering sessions. In Europe, prohibitions on the use of dark patterns was included in the EU Digital Services Act, and the European Data Protection Board recently published guidelines on dark patterns in social media.  

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.