Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsThe FTC’s Policy Statement on Education Technology and the Children’s Online Privacy Protection Act
The Federal Trade Commission (FTC) is acting to address the potential privacy dangers of education technology. Amidst the coronavirus pandemic, there have been unprecedented levels of use of education technology. The urgency of the situation led to approvals of education technology that had not been thoroughly vetted.
The FTC says that that needs to change. Under its Children’s Online Privacy Protection Act powers, the FTC is also tasked with enforcing meaningful limitations on the collection, use, and retention of children’s data, and establishing requirements to keep that data secure.
The FTC plans to focus its efforts on prohibiting mandatory collection. Education technology should not be allowed to require extraneous sharing of data as a prerequisite for use. The FTC will work to make sure that businesses cannot stop students from engaging in an education technology activity based on a refusal to provide information beyond what is reasonably necessary to participate in the activity.
Another focus will be Use Prohibitions. Education technology providers are limited in how they can use personal information collected from children. To be succinct, they can only use the personal information to provide the online education services that they are contracted to do. If an education technology provider ends up using personal information of children for commercial purposes, the FTC will be obligated to intervene.
The Children’s Online Privacy Protection Act places retention limits on children’s data. Their personal information should not be retained longer than reasonably necessary to fulfill the purpose for which it was collected. The mere possibility of potential future uses is insufficient to justify retaining the personal information of children.
The Children’s Online Privacy Protection Act also requires covered companies to implement procedures for maintaining the confidentiality, security, and integrity of the personal information of children. This requirement isn’t only relevant when a breach happens. The FTC can get involved just because a COPPA-covered company doesn’t provide reasonable security.
Thankfully, Clarip can help education technology providers with many of these issues. We help organizations identify what data they collect, how long they retain it, and what they do with that data. Automated data mapping is just the start. Clarip also provides website scanning, consent management, vendor management, and much, much more. Visit our site, www.clarip.com or call us at 1-888-252-5653 to learn more.
Email Now:
Mike Mango, VP of Sales
mmango@clarip.com
Other Articles on this Topic:
FTC enforces the Children’s Online Privacy Protection Act
