TrustArc Blog

EdTech Companies: Tips on Compliance with the Applicable Regulatory Framework (COPPA)

April 02, 2015

By Shreya Vora, Esq., CIPP/US

Educational technology is really taking off. Kids today use tablets and computers at school, learning apps and a bevy of other online tools. When building products for the education technology sector, all business owners need to consider privacy – everyone from budding entrepreneurs to established companies to large multi-national corporations.  When your technology is aimed at kids there are laws as well as best practices to follow in order to mitigate risk and ensure consumer trust.

Understanding the legal landscape within which your technology is operating is essential to ensuring your company’s survival and success. Failure to comply can lead to hefty fines, the loss of business, reputational damage, and a media nightmare. Understanding the laws and best practices in your industry will empower you to design and update your technology with children’s privacy issues in mind. It goes without saying that given the speed of technological innovation, many of the applicable laws have necessitated (and continue to necessitate) reform to truly address the risks posed by education technology, as well as the data gathered about children through such technology (i.e. what can be done with metadata, data retention policies, use of information for advertising purposes — the list goes on). That said, for those working in this space, there are some key regulations to keep in mind (though this is by no means a comprehensive list).

Read more “EdTech Companies: Tips on Compliance with the Applicable Regulatory Framework (COPPA)”

Parents Concerned About Kids’ Privacy But Still Post Pictures and Help Kids Register for Websites

April 01, 2015

Our latest survey of U.S. and British parents of pre-teen children uncovered some contradictory responses and actions related to their children’s online privacy.

According to this survey, parents say they’re concerned about their children’s online privacy, yet the majority of parents post pictures of their kids to social media websites, and nearly a quarter of both American and British parents say they have helped their child set up an account on a website that requires that children be older than 13.

And 66% of British parents and 69% of American parents surveyed said they post pictures of their children online.

Conversely, both British and American parents said they are concerned about their child’s privacy online (54 and 58 percent, respectively). One quarter of U.S. parents (24 percent) and British parents (25 percent) said they do not allow their children under the age of 13 to use the Internet due to concerns about their child’s online privacy.

Read more “Parents Concerned About Kids’ Privacy But Still Post Pictures and Help Kids Register for Websites”

Kids’ Privacy – It’s All About Respect!

February 06, 2015

By Eleanor Treharne-Jones, CIPP/E, Director, EMEA & Global Communications

In the U.S., recent revisions to Children’s Online Privacy Protection Act (COPPA), and legal action by the Federal Trade Commission have brought renewed attention to the issue of children’s online privacy. In the EU, changes proposed in the draft Data Protection Regulation addressing the protection of children’s online privacy mirror many of those included under COPPA.

There’s been phenomenal growth of mobile applications and games, and we know that pre-teens are among the most active users of this technology. So the question that needs to be addressed is, what is a viable strategy for app publishers to navigate these laws while ensuring parents are informed and in control of their children’s privacy?

Read more “Kids’ Privacy – It’s All About Respect!”

IAPP’s ‘Top 10 Privacy Law Stories of 2014’ — Article by TRUSTe’s Joanne Furtsch

December 19, 2014

The IAPP’s list of “Top 10 Privacy Law Stories of 2014” includes an article by TRUSTe’s Director of Product Joanne Furtsch. The author of the IAPP post, IAPP Knowledge Manager Emily Leach, CIPP, writes, “Privacy + law. Some may see good potential for a snooze fest there, but this year’s top Privacy Tracker stories will surely prove them wrong. From China to California to the EU; starring giant of the leisure industry, the tech industry and global governments, and encompassing battles over personal freedoms and government overreach, these are stories that made sure nobody in privacy could nap on the job.” She continues:

Below, based on click rates, are the year’s most interesting privacy law stories. This may not quite get Barbara Walters-style ratings, but it should. These legislative changes have the power to alter the way billions of people access information—and are surveilled by their governments and their service providers—and may truly shape the modern definition of privacy.

Read more “IAPP’s ‘Top 10 Privacy Law Stories of 2014’ — Article by TRUSTe’s Joanne Furtsch”

COPPA is Not Just for Kids’ Websites Anymore

November 03, 2014

School children using digital tablet outside

This article was first published in the IAPP Privacy Tracker blog on 10/28/14 

By Joanne Furtsch, Director of Product Policy at TRUSTe, CIPP/C, CIPP/US

It’s not just online services and websites targeted toward children that need to be diligent about following Children’s Online Privacy Protection (COPPA) regulations. A few months ago the Federal Trade Commission (FTC) took two companies to court for violating COPPA.

These most recent cases highlight two ends of the spectrum of COPPA violators: One was an app specifically targeted toward children, while the other was a popular app for all audiences that had a faulty age-gate mechanism and was collecting personal information from children under age 13 who were using the app.

Regardless of the audience a website or online service is intended for, these recent cases underscore the importance for companies to ensure they comply with COPPA.

COPPA first went into effect in 2000. It only applies to children under 13 because that age group was deemed the most vulnerable to online marketing (although best practices suggest asking parental permission for all minors). Two years ago the FTC revised the COPPA Rule to keep pace with rapidly changing technology by adding five additional regulations to the existing set of rules. The updates include expanding the types of personal information companies cannot collect from minors under the age of 13 unless the company gets verifiable parental consent (VPC).

Read more “COPPA is Not Just for Kids’ Websites Anymore”

TRUSTe finds extensive number of Third Parties on Kids sites – What this means for COPPA Compliance

June 18, 2013

Tony Berman
Sr. Product Manager | TRUSTe

As most website operators know, the updated COPPA Rule goes into effect July 1, 2013. Included in the update comes an obligation to clearly list all third party operators who collect personal information along with their name and contact information.

With this in mind, earlier this month I used TRUSTe’s Website Monitoring Service to find aggregate data for the top 25 Alexa ranked kids gaming websites. My findings indicate that these sites utilize a great number of third parties including service providers that may be collecting personal information such as persistent identifiers directly from children under the age of 13. These third parties may need to be listed in the gaming website’s privacy policy as collecting data directly from children in order to comply with the updated COPPA Rule. The FTC addresses this requirement in its updated COPPA FAQS in question C.5.

Summary of findings: On average there are over 47 third parties per website. Over 62% of third parties found are advertising related companies, while the next largest category of social/sharing tools is at just over 7%. 77% of third party cookies found are persistent.

Read more “TRUSTe finds extensive number of Third Parties on Kids sites – What this means for COPPA Compliance”