The Federal Trade Commission has a warning for education technology companies: Stricter enforcement is coming against those who illegally surveil children when they go online to learn.
In a policy statement issued last week, the commission reiterated the provisions of the federal Children’s Online Privacy Protection Act, under which companies cannot force parents and schools to surrender children’s privacy rights in exchange for access to educational tools. This includes platforms for completing schoolwork online or to attend class remotely.
Under increased scrutiny, violators could face potential civil penalties, as well as new requirements and limitations on their business practices. This includes imposed fines of up to $43,280 per privacy violation per child, a number that could increase each year based on inflation.
“Parents and schools are forced to navigate an industry that is dominated by the commercial surveillance business model,” the commission wrote in a statement accompanying the policy. “These services have the capacity to collect a trove of personal information, and there are serious concerns that this data may be used to build profiles of kids.”
While the new policy statement does not introduce new rules, the commission reminds companies that they cannot require children to provide more information than is reasonably needed to participate in an activity.
Ed-tech providers are also prohibited from using children’s data for commercial purposes, including marketing or advertising, and cannot retain personal information for future use. They must also have procedures in place to maintain the security and confidentiality of data.
Ed-tech companies have played an increasingly critical role in delivering lessons to students, especially during the pandemic, the commission noted. But agency officials also said the proliferation of ed-tech has created a need for increased scrutiny of companies’ data-privacy practices.
“The goal at the commission is to get companies that market software and systems that are used in the classroom to wake up and realize that there are potentially significant penalties around the corner if they don’t comply with the provisions of COPPA,” said John Davisson, director of litigation and senior counsel at the Electronic Privacy Information Center, a Washington-based independent nonprofit research center.
According to Davisson, noncompliance with data-privacy laws is common across the tech industry. In some cases, tools that are not specifically designed for education are nevertheless being used in the classroom.
“There’s just such a large, complex ecosystem of apps and tools out there,” Davisson said. “The issues are pretty widespread.”
The Federal Trade Commission is signaling a clear shift though, as this newly released statement, approved unanimously by all five commissioners, emphasizes more aggressive enforcement. It places the responsibility of protecting student privacy on ed-tech developers, rather than school districts and parents, Davisson said.
“As you start to see tech providers in violation of COPPA facing substantial fines and quite restrictive changes to business practices, other developers are going to take notice,” Davisson said. “Hopefully, that, in the long term, affects market behavior and forces providers to take the issue of children’s privacy seriously.”
Photo: FTC Chair Lina Khan during a confirmation hearing last year before the U.S. Senate Committee on Commerce, Science, and Transportation. Graeme Jennings/Washington Examiner via AP.