CDD FOIA's first annual reports on COPPA Kids Privacy Compliance by Safe Harbor Co's Submitted to FTC

As part of the Children’s Online Privacy Protection Act (COPPA), the federal law protecting the digital privacy of kids 12 and under (and which empowers parents or other key caregivers to control the data collected from children), a so-called “Safe Harbor” system was created. The theory being that companies joining a FTC approved Safe Harbor regime, which is commited to ensuring meaningful compliance with COPPA, is an effective way to have companies follow the law. Yesterday was the deadline for Safe Harbor reports to be submitted to the FTC, and the first once since the new stronger safeguards on COPPA (covering multiple devices and applications, for example), went into effect.

CDD has many concerns about how COPPA Safe Harbor is working, which we have explained to the FTC. Our legal and research team is focusing on how these Safe Harbor systems actually operate—so expect to see this issue heat up in next year. We requested all the Safe Harbor reports, including from the: kidSAFE Seal Program, Aristotle International Inc., Children’s Advertising Review Unit (CARU), Entertainment Software Rating Board (ESRB), Privacy Vaults Online, Inc. (PRIVO), and TRUSTe.

Here’s a statement from Eric Null, staff attorney at the Institute for Public Representation at Georgetown University Law Center. Eric serves as counsel to CDD:

The safe harbor annual reports provide vital information about the conduct of the COPPA safe harbor programs. Without seeing these reports, parents and the public will remain uninformed about how effective the safe harbors are at protecting children against harmful online data practices.

Jeff Chester, CDD’s executive director, explained that this work is part of our ongoing “Unsafe Harbor” consumer and privacy protection initiative, which is also examining how the U.S. protects the privacy of European citizens through a Safe Harbor program operated by the Department of Commerce.