More FTC staff needed to enforce the Children’s Online Privacy Protection Act (COPPA).
Washington, DC – September 16, 2022 – Privacy Vaults Online, Inc. (PRIVO), the leader in children’s online privacy, age assurance and consent management solutions, supports the FTC and calls on Congress to provide more resources to enforce children’s privacy rights.
Ensuring compliance with the Children’s Online Privacy Protection Act (COPPA) is a mammoth task for an agency. Today there are 56.3M children ages 3-17 online in the United States (NCES) and that number grows daily. It’s impossible to count the huge number of online services including apps, websites, platforms, metaverse, video games and social media, available to children. Therefore, it is no surprise that the resounding takeaway from the Federal Trade Commission Report to Congress on COPPA Staffing, Enforcement and Remedies is we are doing our best but could do better.
According to the report the FTC has roughly 9-11 full-time equivalents (FTEs) to the COPPA program annually, has opened 80 investigations of potential COPPA violations in the last five years. Hats off too when it comes to enforcement actions. The report states that in six of the 10 cases alleging violations of COPPA, the Commission obtained a civil penalty of at least $1.5 million. It was also behind the largest civil penalty ever obtained, $170 million, for the YouTube case. That’s not a bad track record in relation to the resources at its disposal. However, in the context of the number of children online in the US and the fact that COPPA violations cause harm to children it’s not enough. COPPA violations infringe on children’s privacy protections and can have a lasting impact on them with online profiles built to target a child from birth to adulthood and beyond. The FTC has limited resources to manage one of the fastest growing and most risky areas of data privacy.
The report highlights that there is some support from other areas such as the Bureau of Consumer Protection’s (BCP) Division of Privacy and Identity Protection (DPIP) but that there is no single unit dedicated to COPPA or children’s privacy. Considering evolving technology that captures biometric and health data, think VR headsets and the metaverse, fingerprint and iris recognition it is time to devote more resources to this much needed area of privacy protection to step up enforcement actions and support the FTC and its approved COPPA safe harbors to bring more companies into compliance and to ensure a healthier online ecosystem for children.