Oregon Attorney General Rosenblum joined a bipartisan coalition of 25 State Attorneys General to submit a comment letter to the Federal Trade Commission (“FTC”) asking the agency to strengthen its rules prohibiting websites, mobile applications, and digital marketing companies from collecting personal information from children under the age of 13, and using that information to track children.
In a separate comment letter, AG Rosenblum also offered her perspective regarding the Children’s Online Privacy Protection Rule (COPPA Rule) and the use of educational technology in schools. Oregon’s letter urges the FTC to adopt particular requirements to protect student privacy while using online education services.
“Student privacy has been a top concern of mine as Attorney General, and Oregon has been leading the way in protecting valuable data and the privacy of K-12 students. While technology plays a significant role in helping students in the classroom, it should not come at the price of personal privacy for young students, or their personal data being sold for business opportunities,” said Attorney General Rosenblum.
From the letter AG Rosenblum submitted: “Unfortunately, it appears many education technology companies continue to use vague privacy policies or include terms that conflict with state and federal privacy laws, raising questions about whether companies are complying with their legal obligations. Parents feel helpless to understand, much less control, what information about their children is being collected, with whom it is being shared, and for what purpose.”
Attorney General Rosenblum championed the passage of the “Oregon Student Online Personal Information Protection Act” (OSIPA), which went into effect in 2017. The law prevents third-party vendors who contract with a school from selling student data, using the data for advertisements, or from creating a profile of a student for non-educational purposes.
Many websites and mobile applications collect personal information from users, including geolocation information, browser histories, search histories, voice recordings, and more. The COPPA Rule requires that operators of websites and online services provide notice to parents and obtain verifiable parental consent prior to collecting, using, or disclosing personal information from children under 13 years of age. Both the FTC and State Attorneys General are empowered to enforce COPPA.
The letter from the group of Attorneys General urges the FTC to expand its definitions of personal information to include things like faceprints used to unlock cellphones, health data from internet-connected smart watches, and kids’ genetic information. The letter also urges the FTC to clamp down on companies that embed code in children’s mobile applications and collect data in order to serve children behavioral advertising, and to examine how the rules apply to school-issued laptops that are “free” so long as companies get to collect information from the students using them. Further, the Attorneys General urged the FTC not to create exceptions to the rule that would allow massive websites like YouTube to skirt COPPA’s requirements.
The Attorneys General of Connecticut, Delaware, the District of Columbia, Idaho, Illinois, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Nevada, New Mexico, New York, North Carolina, Oregon, Pennsylvania, Tennessee, Vermont, Virginia, and Washington signed the multi-state letter.
The Oregon Department of Justice (DOJ) is led by Attorney General Ellen Rosenblum, and serves as the state’s law firm. The Oregon DOJ advocates for and protects all Oregonians, especially the most vulnerable, such as children and seniors.