Not All Safe Harbors are Equal to the Task of Compliance with COPPA
Washington, DC – August 10 – Privacy Vaults Online (PRIVO), an innovator in children’s privacy assurance, age verification and parental consent, agrees with the FTC action to remove Aristotle International, Inc. from the COPPA Safe Harbor Program. However, PRIVO executives met with key Capitol Hill leaders, including legislative directors for Senator Edward Markey (D-MA) and Senator Bill Cassidy (R-LA), the COPPA co-sponsors, to ensure COPPA Safe Harbors remain part of the compliance and self-regulatory plans for any future revisions to the legislation.
CEO Denise G. Tayloe also met with key officials this past week from Senator Marsha Blackburn’s (R-TN) legislative staff on technology to fight back against “big tech hysteria” that self-regulation compliance schemes are allowing social media and gaming platforms a free pass and will be meeting with Senator Richard Blumenthal’s (D-CT) office this week. She received assurances that COPPA Safe Harbors are the law of the land.
“PRIVO believes that the COPPA Safe Harbor program was always the smartest approach for Congress and the FTC to have taken to allow for the most nimble development of privacy solutions,” said Tayloe. “Given the fast pace of innovation and change online, only COPPA Safe Harbors which meet strict compliance standards and have developed deep implementation understanding of how to protect children’s privacy while meeting both the spirit and letter of the law should remain viable.”
Through its disqualification and removal of Aristotle, the FTC has identified a model that didn’t work,” she added. Aristotle is a purveyor of voter data for political campaigns it sought to cross-reference for age verification (via voter registration).
“The FTC ruling last week reinforces PRIVO’s comments on the original Aristotle application that COPPA compliance certification is not a fungible digital solution that can easily be implemented with code repurposed from other digital applications,” said Tayloe. Aristotle’s model relied on voter data. “By removing COPPA Safe Harbors that fundamentally do not work, the entire Safe Harbor program is strengthened,” she noted.
“The FTC will no longer allow self-regulatory organizations to flout their obligations under Children’s Online Privacy Protection Act (COPPA) rules. Aristotle will no longer be recognized by the FTC as an approved Safe Harbor program,” said Samuel Levine, Acting Director of the FTC's Bureau of Consumer Protection. “There is a clear conflict of interest when self-regulatory organizations are funded by the website operators and app developers they are supposed to police, so we will be closely scrutinizing other children’s privacy oversight.”
PRIVO welcomes any such scrutiny as fundamental to strengthening not only the Safe Harbors who do provide guidance and self-regulatory advice, but also to support FTC Enforcement of COPPA when bad actors are not properly acknowledging online services are directed to or attract children and are relying on a weak implementation of their actual knowledge.
Prior to the summer annual comprehensive COPPA Safe Harbor reporting requirement to the FTC, Aristotle was notified of the FTC’s concern that it’s program may not be sufficiently monitoring its member companies. On June 1, Aristotle agreed to withdraw from COPPA Safe Harbor.
FTC Commissioner Rohit Chopra said on Twitter the delisting "is an important course correction when it comes to enforcing children's privacy protections." PRIVO has met with Commissioner Chopra and other FTC Commissioners like Noah Phillips’ key staff to provide guidance on strengthening COPPA Safe Harbor and much needed enforcement.
Claire Quinn, Chief Privacy Officer for PRIVO, agreed with the FTC decision but added the old adage: “let’s not throw the baby out with the bathwater.” She indicated some U.S. legislators are attempting to paint all Safe Harbors as simple endorsements or rubber-stamp advocates for companies who violate children’s privacy. Quinn discussed PRIVO’s global footprint, leading international children and family brands as clients, and 20 years in business as evidence of its commitment to Safe Harbor.
“We use a combination of open-source packet sniffing tools to run reports on online services,” said Quinn. “And we analyze the privacy reports cross-referencing with our in-house purpose-built third-party service library. The transparent reports allow us to see what third party providers are collecting, posting back or if they are tunnelling but not gathering data. Our reports assess cookie use, data collection in general, attempts to collect geo location and so on. PRIVO is in the process of developing a cutting-edge comprehensive tool that brings together the numerous platforms used in our assessments and combined results to streamline the process.”
PRIVO then provides an overall assessment and “findings and risk report” produced at minimum twice a year for several hundred children’s apps, games, websites, and platforms as part of its Kids Privacy Assured Program. The monitoring takes place on a rolling basis. Reports are also produced during random assessments and when a review is carried out due to a change in the online service or any updates to the law. PRIVO works closely with the FTC to share its learnings and expertise and supports accountability with its fellow Safe Harbors.
Press Release originally published on August 10, 2021: https://www.einpresswire.com/article/548509020/privo-applauds-ftc-move-to-de-list-aristotle-as-safe-harbor