The protection of children’s privacy has been a focus of enforcement action in the United States. For good reason. There is a real problem with some companies collecting and using personal information of minors.
The Department of Justice and the Federal Trade Commission have entered into orders with Edmodo whereby Edmodo consented to a permanent injunction to prevent future violations of children’s privacy. In Edmodo’s case the claim was that it collected the personal information of children under 13 without any notice to the children’s parents or obtaining parental authorization. It used this personal information to enable third-parties to display targeted advertising to student users.
The press release provides:
The Department of Justice, together with the Federal Trade Commission (FTC), today announced that Edmodo, LLC (Edmodo) has agreed to a permanent injunction and a $6 million civil penalty in connection with its online educational platform, as part of a settlement to resolve alleged violations of the Children’s Online Privacy Protection Act (COPPA), the Children’s Online Privacy Protection Rule (COPPA Rule), and the Federal Trade Commission Act. The civil penalty is suspended due to Edmodo’s inability to pay.
The Edmodo educational platform, sold to schools throughout the United States, enabled teachers to interface with students, including children under 13 years old, to host virtual class spaces, conduct discussions, share materials, make assignments, and provide quizzes and grades, among other things. In a complaint filed in the U.S. District Court for the Northern District of California, the government alleges that, until approximately September 2022, Edmodo collected the personal information of children under 13, including their names, email addresses, phone numbers, device information, and IP addresses. Edmodo allegedly collected such information without providing notice to the children’s parents or obtaining parental authorization to collect such personal information, as required by the COPPA Rule, and used this personal information to enable third-parties to display targeted advertising to student users between 2018 and September 2022.
The complaint further asserts that Edmodo was retaining this personal information indefinitely. As of March 2020, Edmodo retained the personal information associated with approximately 36 million student accounts, of which only one million were actively using the platform. This indefinite retention violated COPPA’s requirement that an operator not retain personal information of children for longer than “reasonably necessary to fulfill the purpose for which [the information] was collected.” Read the rest of this entry »