Privacy & Cybersecurity Law Blog

On January 7, 2022, U.S. Representatives Kathy Castor (D-Fla.) and Jan Schakowsky (D-Ill.), members of the House Committee on Energy and Commerce, wrote to all of the Children’s Online Privacy Protection Act (“COPPA”) Safe Harbor programs to request information about each program to ensure “participants in the program are fulfilling their legal obligations to provide ‘substantially the same or greater protections for children’ as those detailed in the COPPA Rule” and “to solicit feedback” regarding “ways in which Congress can strengthen COPPA and the COPPA Rule.”

COPPA regulates how “operators” collect and use personal information from children under 13 years old. The statute permits operators to satisfy COPPA regulations by following a set of approved self-regulatory guidelines. The letters stated that it was “critical that COPPA Safe Harbor organizations are working as intended,” but cited concerns about “signs that COPPA Safe Harbor organizations are not adequately doing their job.” Former FTC Commissioner Chopra previously had proposed “[beefing] up oversight of the COPPA safe Harbor program[,]” including by “[l]imiting conflicts of interest by COPPA Safe Harbors by restricting additional fee-based consulting offering by affiliates of the Safe Harbor to participating websites and apps” and “[d]isclosing COPPA Safe Harbor performance data to the public, including complaints handled and disciplinary actions taken.”

This letter follows the FTC’s removal of a previously approved COPPA Safe Harbor organization, Aristotle, signaling continued scrutiny on the sufficiency of these organizations’ COPPA compliance oversight activities.

Read the letter here.