BALTIMORE, MD—Maryland Attorney General Brian E. Frosh and a bipartisan coalition of 25 state attorneys general this week submitted a comment letter to the Federal Trade Commission (FTC) asking the agency to strengthen its rules prohibiting websites, mobile apps, and other digital marketing companies from collecting personal information from children under the age of 13 and using that information to track children across the Internet.
Many websites and mobile applications collect personal information from users, including geolocation information, browser histories, search histories, voice recordings, and more.
In 1996, Congress passed the Children’s Online Privacy Protection Act (COPPA) prohibiting this type of data collection from children under the age of 13.
Both the FTC and all state attorneys general are empowered to enforce COPPA, although only the FTC is empowered to issue regulations based on COPPA.
Among other things, the attorneys general are urging the FTC to expand its definitions of personal information to include biometric data like faceprints used to unlock consumers’ cellphones, health data from internet-connected smart watches, and kids’ genetic information.
The letter also urges the FTC to clamp down on companies that embed code in children’s mobile applications and collect data in order to serve children behavioral advertising, and to examine how the rules apply to school-issued laptops that are “free” so long as companies get to collect information from the students using them.
Further, the attorneys general urged the FTC not to create exceptions to the rule that would allow massive digital media platforms (e.g., Apple, YouTube) to skirt COPPA’s requirements.
“The personal information that tech companies can acquire through web and mobile applications has expanded since the COPPA was passed, and the regulations governing that law need to be updated accordingly,” said Attorney General Frosh. “Any loopholes and exceptions in the regulations effectively incentivize tech companies to collect and monetize the personal data of minors. Big tech shouldn’t be allowed to use ‘education’ as a justification for collecting children’s personal information without parental consent.”
Joining Maryland in this letter are the attorneys general of Connecticut, Delaware, the District of Columbia, Idaho, Illinois, Iowa, Kentucky, Louisiana, Maine, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Nevada, New Mexico, New York, North Carolina, Oregon, Pennsylvania, Tennessee, Vermont, Virginia, and Washington.
