The Federal Trade Commission (“FTC”) recently updated its FAQs regarding compliance with the Children’s Online Privacy Protection Act (“COPPA”). COPPA regulates how commercial websites and online services collect, use, or disclose personal information from children under the age of 13.
In light of many school districts deciding to move to fully remote learning or taking a hybrid approach to the beginning of this 2020-2021 school year, more school districts will need to contract for software and other online services in order to deliver its curriculum. School districts must understand what is needed for COPPA compliance, as well as related privacy laws, such as FERPA and the Illinois Student Online Personal Protection Act, when contracting with third parties for online and other covered services.
One of the COPPA FAQ updates clarified that website and app operators should not attempt to shift their COPPA obligations to schools by stating in Terms of Service or anywhere else that the school is responsible for complying with COPPA, as compliance is the responsibility of the operator. The FAQ also makes clear that operators must provide schools with the same notice of its practices on the collection, use, or disclosure of personal information from children as it would otherwise provide to the parent, if the operator intends to rely on consent obtained from a school instead of the parent.
Additionally, updates to the FAQs emphasize the need for operators and schools to consider their related obligations under FERPA and IDEA. This includes the right to access education records and protect against unauthorized disclosures of their students’ personally identifiable information.
Contact an attorney in our Corporate practice group with questions regarding COPPA compliance.