Explore Legal.io

For Clients
Legal.io company logo
Hire Talent
Find the best fit for any legal role
For Members
Jobs
The best legal jobs, updated daily
Salaries
Benchmark compensation for any legal role
Learn
Learn and grow with our community
Events
Connect with peers at exclusive events
Apps
Tools to streamline legal work
Advertise on Legal.io
Post a job for free
Reach more qualified applicants quickly
Advertise with Us
Reach a targeted audience

For Clients

Hire Talent
Legal.io company logo
Solutions
Find the best fit for any legal role
New Hire
Get highly qualified candidates in days
Popular Roles
Data & Tools
Budget Calculator
Plan and manage your legal budget
Salary Insights
Compensation data for legal roles
Vendor Directory
The ultimate list of legal tech tools
Legal.io
May 28, 2024

Federal Privacy Rights Act Creates Confusion on Children's Data

The APRA integrates children's privacy into broader consumer privacy programs, requiring companies to obtain affirmative consent for transferring minors' sensitive data.

The American Privacy Rights Act (APRA) is legislation that aims to reshape how companies handle the data of minors. Approved by a House subcommittee, APRA combines proposed updates to the Children’s Online Privacy Protection Act (COPPA) and a comprehensive privacy bill discussion draft.

Understanding American Privacy Rights Act

APRA forces companies to take a more higher-level approach to their compliance programs. Rather than treating children’s privacy as a standalone issue under COPPA, companies must now consider how kids and teens’ privacy fits into their broader consumer privacy programs. This shift requires practitioners and privacy professionals to rethink their strategies and adapt to a more integrated framework.

Sensitive Covered Data

One of the most significant ramifications of APRA is its inclusion of information about children under the rubric of “sensitive covered data.” Companies need affirmative consent to transfer any sensitive data related to children to third parties. Furthermore, these third parties can only process, retain, or transfer the data for the specific purpose for which consent was granted.

Preemption and State Laws

APRA preempts state privacy laws that cover the same requirements. However, it expressly does not preempt state data breach notification laws and state privacy laws related to employee, student, and health care privacy. This balance is meant to harmonize the balance between federal standards and existing state-level protections.

The Impact Of APRA on Kids’ Data Creates Confusion

APRA’s approach introduces complexity for companies. They must now navigate a landscape where children’s privacy is intertwined with broader privacy considerations. Compliance programs need to account for both COPPA-specific requirements and the comprehensive provisions of APRA.

Companies may struggle to align their practices with the new framework. Questions arise: How do we handle children’s data within our existing privacy programs? What additional safeguards are necessary? The lack of clear guidelines can lead to confusion and missteps.

“As far as compliance goes it opens up whole new problem for age information and age assurance,” said Amy Lawrence, Chief Privacy Officer and Head of Legal at SuperAwesome Inc. “How do you deal with a strict bar of processing a minor’s IP address? You would have to know everyone’s age.”

Educational institutions face unique challenges. Schools collect vast amounts of student data, including sensitive information. APRA’s provisions impact how schools handle this data, necessitating better coordination between educational policies and privacy compliance.

Compliance Issues With Kids Data Will Increase 

The evolving landscape may require continuous adjustments to legal privacy professionals' expertise.

“APRA doesn’t do a great job of setting out a knowledge standard for a covered minor. Now it’s just anything directed to a child—which it creates the back and forth of what is considered as directed to a child,” Lawrence said before adding “I guess the FTC has to tell us.”

The American Privacy Rights Act represents a step toward enhancing children’s privacy. While it introduces complexity, it also encourages a more comprehensive approach. It reshapes compliance practices, challenges educational institutions, and demands vigilance from privacy professionals. As the bill progresses, stakeholders must collaborate to strike the right balance between protection and innovation.

GovernmentPrivacy
Salary Insights

Explore All Salaries →

Hire Talent

Learn more →

More from Legal.io
Legal.io Newsletter - December 9, 2022 Edition #136
Legal.io Newsletter - December 9, 2022 Edition #136
Judge Advocates for Use of ChatGPT in Legal Interpretation
Judge Advocates for Use of ChatGPT in Legal Interpretation
February 17, 2023 Edition #146
February 17, 2023 Edition #146
Legal.io Newsletter - June 11, 2021
Legal.io Newsletter - June 11, 2021
Class of 2023 Sees Record-High Job, Salary Outcomes, NALP Study Finds
Class of 2023 Sees Record-High Job, Salary Outcomes, NALP Study Finds
The AI Gold Rush: A Tale of Four States
The AI Gold Rush: A Tale of Four States
Critical Elements for Successful Legal Support Outsourcing
Critical Elements for Successful Legal Support Outsourcing
The Dos and Don’ts of Online Recruitment for Smaller Firms
The Dos and Don’ts of Online Recruitment for Smaller Firms
Understanding the Executive Order on U.S. Investments in Chinese Technology Sectors
Understanding the Executive Order on U.S. Investments in Chinese Technology Sectors