In an unusual but significant move, on August 4, 2021, the Federal Trade Commission (FTC) removed Aristotle International from the Children’s Online Privacy Protection Act (COPPA) Safe Harbor List. There were 7 organizations on the list, which were approved by the FTC to self-regulate themselves under COPPA, but with this first removal by the FTC, there are now 6. In general, COPPA requires that parental consent be given prior to the collection or use of personal information of children under the age of 13.

In order to be included on the Safe Harbor list, the organizations were required to certify compliance with the FTC’s COPPA Rule. This included developing “guidelines that provide the same or greater protections for children as the COPPA Rule. They also must have an effective and mandatory mechanism in place to conduct independent assessments of member organizations’ compliance with the program guidelines.” Aristotle was approved by the FTC to operate a COPPA Safe Harbor program in 2012.

According to the FTC’s press release, the removal from the Safe Harbor list means that “Operators of websites and online services that paid Aristotle fees to participate in its self-regulatory program can no longer receive favorable regulatory treatment.”

The FTC initially contacted Aristotle with concerns about its compliance with COPPA and its oversight its members’ compliance. According to the FTC, “The FTC will no longer allow self-regulatory organizations to flout their obligations under Children’s Online Privacy Protection Act rules. Aristotle will no longer be recognized by the FTC as an approved Safe Harbor program. There is a clear conflict of interest when self-regulatory organizations are funded by the website operators and app developers they are supposed to police, so we will be closely scrutinizing other children’s privacy oversight outfits to determine whether they are living up to their obligations.

The collection and use of children’s information while they are online continues to be a hot-button issue for privacy advocates. It is clearly a regulatory enforcement priority for the FTC as well, so reviewing COPPA compliance in the wake of this announcement may be prudent.