Reps. Castor, Schakowsky Request Answers from COPPA’s Safe Harbor Programs
Washington, January 10, 2022
Tags: Protecting Consumers
U.S. Representatives Kathy Castor (FL14) and Jan Schakowsky (IL09) wrote to all of the Children’s Online Privacy Protection Act (COPPA) Safe Harbor programs, requesting information to ensure that they are fulfilling their legal obligations to provide “substantially the same or greater protections for children” as those detailed in the COPPA Rule as well as soliciting feedback on how best to improve the Safe Harbor program. Rep. Schakowsky is the Chair of the Energy and Commerce Committee’s Consumer Protection and Commerce Committee of which Rep. Castor is a member.
Letters were sent to all Safe Harbor Program organizations: Children’s Advertising Review Unit (CARU), Entertainment Software Rating Board (ESRB), iKeepSafe, kidSAFE, Privacy Vaults Online, Inc. (d/b/a PRIVO) and TRUSTe.
The letter can be read here and below:
RE: Oversight Questions Regarding COPPA Safe Harbors
We write to you to better understand the Children’s Online Privacy Protection Act’s Safe Harbor Program run by XXX and to solicit feedback from XXX on how best to improve the program’s governing regulations and statute.
The Children’s Online Privacy Protection Act (COPPA), signed into law in 1998, includes provisions that regulate how entities or “operators” collect and use personal information from children under thirteen years old. The statute includes a provision entitled “Safe Harbors,” which states that an operator may satisfy COPPA regulations by following a set of approved self-regulatory guidelines. The Federal Trade Commission (FTC) promulgated its first rule implementing COPPA in 1999 and revised the COPPA Rule in 2013. In the current rule, there is a section entitled “Safe harbor programs” that further details the requirements for these programs.
Recent press reports and FTC enforcement actions have highlighted the importance of ensuring online platforms protect children’s privacy. Parents do not have confidence that their children’s privacy is sufficiently protected online and do not have the time or resources to read through complicated and convoluted privacy policies. Often parents are forced to make quick judgments about the safety of a website or app and a stamp of approval from a safe harbor deeming a site compliant with COPPA can make a significant difference in whether parents allow their children to use it. These problems are further exacerbated as children are increasingly required to use online resources for educational, informational, and other essential purposes. Therefore, it is critical that COPPA Safe Harbor organizations are working as intended.
Unfortunately, there are signs that COPPA Safe Harbor organizations are not adequately doing their job. Former FTC Commissioner Chopra, in prepared remarks on April 4, 2019, and in a statement on May 19, 2020, said that the FTC and Congress need to take steps to “[beef] up oversight of the COPPA Safe Harbor program.” Some of the actions then-Commissioner Chopra proposed include: “Limiting conflicts of interest by COPPA Safe Harbors by restricting additional fee-based consulting offered by affiliates of the Safe Harbor to participating websites and apps,” and “Disclosing COPPA Safe Harbor performance data to the public, including complaints handled and disciplinary actions taken.”
Congress and the FTC need to consider all options to protect our children online. As members of the House Committee on Energy and Commerce, which has jurisdiction over the COPPA Safe Harbor Program, we are committed to conducting oversight to guarantee the participants in this program are fulfilling their legal obligations to provide “substantially the same or greater protections for children” as those detailed in the COPPA Rule. We are also committed to exploring ways in which Congress can strengthen COPPA and the COPPA Rule.
To better inform our work, please provide written responses to the following questions by XXX.
i. If so, please provide all public reporting of any action taken against subject operators.
i. If so, please provide all examples of consumer redress.
i. If so, please provide all examples of voluntary payments to the US Treasury?
i. If so, please provide a description of all referrals to the FTC.
i. If so, please describe the instances when that has occurred, including the process involved and the reason for each termination.
i. If so, please provide descriptions of all instances in which a consumer complaint resulted in a disciplinary action, including the substance of the complaint and the disciplinary action taken.
 Pub.L. 105–277 Children's Online Privacy Protection Act of 1998, 15 U.S.C. 6501–6505
 16 CFR Part 312
 16 CFR Part 312