Good afternoon! We are excited to return FPF’s Youth & Education Privacy Newsletter to a monthly schedule. Each month, an FPF expert from the Youth & Ed team will curate timely updates that include the latest student and children's privacy news. This last month’s news was curated by me, Bailey Sanchez. My work as Policy Counsel on the Youth & Ed team has recently focused on state and federal child privacy legislative developments, and in this issue you’ll read an analysis I co-wrote on a recent FTC COPPA enforcement action. Next month you will hear from Miles Light, Policy Counsel. There is a lot happening in student and children’s privacy, as both topics have been the subject of national attention in recent months. By rotating FPF experts, we will spotlight different perspectives on important issues in these areas. Below you will find several key updates from the last month, including:

  • President Biden endorses heightened federal privacy protections for kids
  • New evidence of the practical challenges of age verification
  • COPPA enforcement actions by the FTC and CARU
  • Fresh controversies regarding student surveillance
We want to hear from you - what’s on your mind, and how can we help? Reach out to us anytime by replying to this newsletter!

Hopes for Peace in Ukraine

We cannot talk about kids and technology without first acknowledging the horrific events unfolding in Ukraine and the particular toll war and displacement is taking on young people and families in the region. FPF stands with the people of Ukraine and hopes for peace. Many kids are undoubtedly encountering information online related to the heartbreaking, horrifying war in Ukraine. Talking to kids about difficult events is hard but important. Common Sense Media provides a number of great resources that may be helpful to parents and educators alike during this time, including Explaining the News to Our Kids and a list of the Best News Sources for Kids. The American Psychological Association also has helpful tips for talking to children about the war in Ukraine. More on how FPF is responding to the crisis in Ukraine.

A Presidential endorsement - and big developments - in the kids' privacy debate.

In a potential “game-changer” for children’s data privacy legislation, President Biden weighed in on the issue during his State of the Union Address on March 1, saying in part, “It’s time to strengthen privacy protections, ban targeted advertising to children, [and] demand tech companies stop collecting personal data on our children.” The President’s remarks about social media were part of a broader proposal to address “our national mental health crisis.Read our SOTU analysis, and the response from Senators Markey (D-MA) and Cassidy (R-LA).

The news didn’t stop there. Roblox became the first tech company to endorse California state legislation that proposes design-centric child privacy safeguards and Meta launched new parental control features for both VR and Instagram.

Two other reads worth your time on this topic: “Is crackdown on social media for kids too late?” (EdSource) and “The danger of making the internet safe for kids” (Recode).

No easy answers for age verification

How do you verify someone’s age online, without creating privacy risks? It’s not as easy as it sounds, the Wall Street Journal reports, in part because “most methods of verifying age create new problems of their own… enterprising children will be able to find ways to defeat all but the most intrusive verification processes.” But recent activity in Europe, including the successful pilot of an interoperable age-verification process using a browser cookie offers a preview of potential paths forward.

COPPA Crackdown
Two recent examples highlight the importance of complying with COPPA and the high stakes for both kids and companies when issues arise. The Children’s Advertising Review Unit (CARU), an industry self-regulation group, reported that TickTalk, a smartwatch designed for young kids, failed to obtain valid parental consent before collecting data from its users, prompting a CARU investigation and TickTalk’s development of a detailed remediation plan. 

At the state level, the U.S. District Court for the North District of Illinois approved a $1.1 million class-action settlement with TikTok. The complaint alleges that the app tracked, collected, and disclosed children’s data without parental consent. 

At the federal level, the FTC and DOJ announced a settlement with WW International (formerly Weight Watchers) and its pediatric subsidiary alleging that its kid-focused app, Kurbo by WW, improperly collected data from kids as young as 8 years old. This settlement is noteworthy as it marks the first time in a COPPA enforcement action that the Commission required a company to delete all “affected work product” - including algorithms - related to the data collection. What does that mean in practice? FPF’s John Verdi spoke to NPR’s The Indicator to explain. Read FPF’s analysis of the settlement, and learn about the process that companies must go through under COPPA in order to obtain Verifiable Parental Consent (VPC).

More student data collection = more student data vulnerabilities.
The volume of student data collected by schools increased at all levels during the pandemic, and while some of that data collection is helpful to schools that are seeking to improve student outcomes post-pandemic, it is increasingly clear there can be substantial downside, too. Two recent examples of note, from both K-12 and higher ed:

Between the rapid implementation of student surveillance software that flags terms including “gay,” “lesbian,” and “transgender” and controversial state legislation like Florida’s recently-passed “Don’t Say Gay” bill and a wave of similar bills across the country, many fear that LGBTQ student privacy and safety is increasingly at risk in K-12 schools. “There is no justifiable reason for any of these measures […] for many LGBTQ kids, schools can be an important lifeline for information — and a source of comfort that they are not alone,” The Washington Post’s editorial board wrote. More from FPF on the implications of school surveillance here and here.

George Washington University apologized for a pilot project that collected location data from students, faculty and staff without their consent last fall, acknowledging the effort “raises important privacy considerations and potential breaches of expected ethical norms in higher education.” The GW student newspaper went further in a scathing editorial, calling it a “shocking breach” and “outrageous violation of student privacy.” Experts point out that programs like GW’s  will reduce trust on campus.
83% of voters support giving parents the ability to identify the harms caused to their children by social media, and 81% support giving parents the ability to disable addictive product features, a new Morning Consult/Politico survey found.
1 week: 25% of parents state that their child missed more than a week of school in January, as students and schools coped with quarantines, illness, and bad weather, the New York Times reported.
$1.5 million: the penalty WW International, formerly known as Weight Watchers, agreed to pay as part of its settlement with the FTC over accusations its pediatric-focused weight loss app illegally collected data from young kids without their parents’ consent.
4,200 students’ data was compromised when an Ohio school district erroneously shared their names and discipline records in response to a public records request.
20x: a new report estimates that K-12 cybersecurity incidents may be 10-20 times greater than what is publicly known
80%: In late 2019, YouTube started cutting millions of videos from YouTube Kids in an effort to clean up the platform, ultimately reducing its library size by 80%, the Wall Street Journal reports.
2: the number of metal detectors that will be available to each Winston-Salem/Forsyth County Schools middle and high school, as needed. The local school board also approved spending $220,000 to install 122 cameras at 3 middle schools.
FPF kept a close eye on SXSW EDU in early March, including tuning into a panel on higher education privacy perspectives with former Senior Fellow Joanna Grama.
FPF partnered with Common Sense Media and Project Unicorn to host a webinar on App Vetting and Data Governance.
Why was 2021 more challenging for schools in terms of privacy than 2020? FPF Senior Technologist Jim Siegl spoke with the K-12 Tech Experience podcast in a wide ranging conversation. Listen here.
Read the blog post from FPF's Bailey Sanchez and Lauren Merk here and and listen to John Verdi speak with NPR here.
Utah has followed California, Virginia, and Florida to become the fourth state to establish a baseline regime for the protection of personal data. Read more from FPF here.
IAPP’s Global Privacy Summit is happening in Washington, D.C. April 11 - 13. Visit with FPF Staff at FPF’s booth, or catch Jules Polonetsky discussing the FTC’s new privacy agenda with FTC Commissioner Noah Phillips.
As exam season approaches, we can’t stop thinking about this story from The Markup,A Network of Fake Test Answer Sites Is Trying to Incriminate Students.” We certainly don’t condone cheating, but trying to catch one unethical behavior using another ethically questionable one is alarming and makes for an unsettling read.
Copyright © 2022 Future of Privacy Forum, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.