In an unusual but significant move, on August 4, 2021, the Federal Trade Commission (FTC) removed Aristotle International from the Children’s Online Privacy Protection Act (COPPA) Safe Harbor List. There were 7 organizations on the list, which were approved by the FTC to self-regulate themselves under COPPA, but with this first removal by the FTC, there are now 6. In general, COPPA requires that parental consent be given prior to the collection or use of personal information of children under the age of 13.

In order to be included on the Safe Harbor list, the organizations were required to certify compliance with the FTC’s COPPA Rule. This included developing “guidelines that provide the same or greater protections for children as the COPPA Rule. They also must have an effective and mandatory mechanism in place to conduct independent assessments of member organizations’ compliance with the program guidelines.” Aristotle was approved by the FTC to operate a COPPA Safe Harbor program in 2012.

According to the FTC’s press release, the removal from the Safe Harbor list means that “Operators of websites and online services that paid Aristotle fees to participate in its self-regulatory program can no longer receive favorable regulatory treatment.”

The FTC initially contacted Aristotle with concerns about its compliance with COPPA and its oversight its members’ compliance. According to the FTC, “The FTC will no longer allow self-regulatory organizations to flout their obligations under Children’s Online Privacy Protection Act rules. Aristotle will no longer be recognized by the FTC as an approved Safe Harbor program. There is a clear conflict of interest when self-regulatory organizations are funded by the website operators and app developers they are supposed to police, so we will be closely scrutinizing other children’s privacy oversight outfits to determine whether they are living up to their obligations.

The collection and use of children’s information while they are online continues to be a hot-button issue for privacy advocates. It is clearly a regulatory enforcement priority for the FTC as well, so reviewing COPPA compliance in the wake of this announcement may be prudent.—

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.