Dealing with COPPA: Compliance, the lies and the future.

I don’t know about you but I am struggling with the Children’s Online Privacy Protection Act (COPPA).

As we look to use different online tools in the classroom we evaluate them on the service(s) they provide, whether they meet our educational goals, and what is involved in the management and administration of the tool or service.

All of this is thrown a mess if the site’s account creation process involves the collection of personal information… enter COPPA compliance.

COPPA was enacted in 1998 the law requires that the Federal Trade Commission issue and enforce a rule concerning children’s online privacy, which the commission did in 1999. On April 21, 2000 the Children’s Online Privacy Protection Rule became effective.

COMPLIANCE & THE LYING

After reading the FAQ issued by the FTC one can still be left confused by what you actually need to do as site operator or as a school wanting to use a site that may or may not be COPPA compliant.

In short, the Rule requires any web site that collects personal information to comply with six things:

  1. Post a clear and comprehensive privacy policy on their website describing their information practices for children’s personal information;
  2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children;
  3. Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties;
  4. Provide parents access to their child’s personal information to review and/or have the information deleted;
  5. Give parents the opportunity to prevent further use or online collection of a child’s personal information;
  6. Maintain the confidentiality, security, and integrity of information they collect from children.

As I read this I, along with Reshan Richards (@reshanrichards) put together a checklist of things that I would need to look for on each of the sites that we use and determine if they are truly COPPA compliant. A site may actually say that they comply with COPPA because they don’t allow children under the age of 13 to register with their site. Looking at each of these site would be something that had to be done and couldn’t be assumed.

In doing so it was surprising to see how many of the sites one would assumed were compliant actually weren’t and what would need to be done in order to comply.

It is also interesting to note that in order to thwart may of the age verification checks all one needs to do is to enter a year of birth that would make you 13 or older… to lie! This is something that is happening more and more often in homes and with parents and children particularly when signing up for site and tools like Facebook and Google.

These sites could comply with COPPA, but don’t want to be bothered by the steps they would need to take in order to become compliant or their business model doesn’t support their needs.

Danah Boyd (http://www.danah.org/@zephoria) gave an interview to “On the Media” where she outlined how parents and students lie to get around the rules of COPPA. Parents look at the age restriction as a suggestions and don’t want the government telling them what to do, with 93% of parents saying that they should have the final say.

“On The Media” – MP3

Where does that leave things?

SCHOOL OPTIONS

There are two lines with the FAQ regarding schools and services direct at schools that I “think” provide schools with some leeway and allow them to broker parental consent (see #2 above).

 “COPPA allows, but does not require, schools to act as agents for parents in providing consent for the online collection of students’ personal information within the school context”

&

” Many schools have implemented Acceptable Use Policies (AUPs) or other measures to educate parents and students about in-school Internet use. For example, a school may use the AUP to inform parents of what online services are provided to students, and the school’s policies regarding students’ use of the Internet.”

A school would need to still verify the other items outline in order to be compliant, but by providing written notification and verifiable parental consent (make it part of a school’s enrollment contract for independent schools) a school could theoretically use these tools.

But is this something that a school should have to take on from a legal and ethical perspective? Why can’t it be easier?

COPPA REVIEW

Mark Zucherburg drew a lot of attention to COPPA and the under 13 issue when he said that “My philosophy… is that for education, you need to start at a really, really young age.

We are starting at a very young age with our students. Whether you’re using a services like Pixie’s K12Share, Edmodo, Twitter and Facebook or want you student to work collaboratively with Google Docs a school needs to know how these tools fit in with COPPA.

Much to Mr. Zucherburg’s (and my) pleasure COPPA is under review and until December 23, 2011 is seeking public comment on the proposed amendments to “respond to changes in online technology, including in the mobile marketplace, and, where appropriate, to streamline the Rule.”

If, like me, would welcome a more streamlined rule please take a moment to comment.

Until COPPA is fully reviewed and any changes made we need to work within the rules and guidelines we are given. I for one am looking forward to changes that will hopefully address the changing landscape of learning. As schools move forward with their various 1:1 learning initiatives (laptops, iPads, BYOD, etc.) and take learning online this will continue to become a bigger and bigger issue.

I am curious as to how your school is dealing with COPPA and managing the use of your online resources and tools. Please leave a comment below and share your thoughts.

References:

 

 

About William Stites

Currently the Director of Technology for Montclair Kimberley Academy, "Blogger in Chief" for edSocialMedia.com, husband and father to two crazy kids who make me smile everyday.
This entry was posted in Administration & Management, COPPA, EdTech, Teaching & Learning and tagged , , , , , , , , , . Bookmark the permalink.
  • Pingback: The AppleID in your 1:1 Program | williamstites.net()

  • Pingback: COPPA challenges, lies and the future. | edSocialMedia()

  • Anonymous

    Bill,

    We are just starting to encounter these issues and would love to hear what people have to say. Our main priority is getting Google Apps for Ed going here. We are also working with Mindmeister, an online mind-mapping tool with social networking features owned by a European company who wasn’t aware of COPPA here in the US. I’ve asked the legal team here at U of C if there is any special way they would like me to go about getting permission — if you have a form or letter at this point in time, or know someone who does and is willing to share it, I’d love to see it. 

    Curt L.

    • Anonymous

      Bill, as you astutely ask — “But is this some­thing that a school should have to take on from a legal and eth­i­cal per­spec­tive?” — our legal team at UC is very concerned about liability in acting as the parents’ agent. I will be curious to see how they land on this matter. 

  • http://www.howardlevin.com Howard Levin

    Bill,
    Your stuff is really wonderful — damn good writer and your work helps all of us flush these issues out. Thank you for all the time and effort you put into your blog. I need to find the time to read it all!