The Center for Digital Democracy has asked the Federal Trade Commission to reject the application of iKeepSafe to run a safe harbor program for companies that want to demonstrate their compliance with Children's Online Privacy Protection Act restrictions on collecting and sharing personal info via child-directed Web sites.
CDD says iKeepSafe fails to provide the same or greater protections as the COPPA rule, using permissive language--"should"--rather than mandatory language--"must," "required." It also says the proposal does not clearly define child-directed sites.
CDD also takes issue with ikeepSafe's plan to have a third party, PlayWell, assess compliance with the voluntary guidelines, saying it has provided no evidence that either it or PlayWell has the skill or technical expertise, and in PlayWell’s case the staff, to enforce the safe harbor.
The COPPA Rule allows companies that want to be considered de facto in compliance to do so through a safe harbor program that monitors that compliance.
"[T]he FTC should reject iKeepSafe’s application, or require amendments and clarifying submissions from the company," said CDD, which is a leading voice for protecting kids privacy online," CDD told the FTC.
“FTC should not approve safe harbor applications unless it is absolutely clear that the proposed safe harbor will provide equal or better protection of children’s information than the COPPA Rule, and this proposed system would fall far short of the standard,” said CDD legal director Hudson Kingston in a statement. "Unless the existing and new safe harbors are held to an exacting standard the law will be undercut by incompetent enforcement—as the agency responsible for COPPA, FTC mustn’t allow self regulation to work against its intended purpose.”
We appreciate CDD's interest in our application and in all organizations involved in the safe harbor process,” said PlayWell President Linnette Attai. “We take our responsibilities in this space quite seriously, and are strongly-positioned to implement a robust and rigorous COPPA Safe Harbor program.”
“Our application lays out both guiding principles that helped to inform the development of the guidelines, and strong, detailed ‘must do’ requirements for companies that wish to obtain the proposed iKeepSafe COPPA Safe Harbor seal. The requirements meet or exceed the threshold of COPPA requirements, and we are happy to discuss any concerns suggesting otherwise in great detail with any interested parties. The technical assessment plan as described in the application is aligned with what the FTC uses for its own assessments, and matches or exceeds that of some existing safe harbor programs.
“Many safe harbor organizations are small in staff, but that does not detract from their ability to sustain thriving, compliant programs.“
Attai said that she and Marsali Hancock, president of iKeepSafe, would oversee the safe harbor with the help of iKeepSafe staff and “other resources.”
She pointed out that she had worked for 14 years helping companies comply with COPPA and other privacy self-regs. “Ms. Hancock has led iKeepSafe for the past decade, building it into a valuable resource for government, education and industry.
She has partnered with the FTC, the White House and international organizations on development of robust privacy and safety programs around children's use of technology, which is core to iKeepSafe’s mission.”