FTC and COPPA

Question 1

What is the mission of the FTC?

Answer 1

Protect the public from deceptive or unfair business practices and unfair competition.

Question 2

What is considered ‘unfair’ under FTC authority?

Answer 2

• Causes substantial injury
• Not offset by benefits
• Not reasonably avoidable by consumers

Question 3

What makes a practice ‘deceptive’?

Answer 3

Material misstatement or omission likely to mislead consumers.

Examples: false statements, misrepresentations, failure to comply with privacy notices.

Question 4

What is the FTC’s role in privacy enforcement?

Answer 4

Enforces sector-specific laws and considers breaches of notice as deceptive practices.

Question 5

What law falls under FTC’s sole jurisdiction?

Answer 5

Children’s Online Privacy Protection Act

(COPPA)

Question 6

What laws does the FTC share jurisdiction over?

Answer 6

• FCRA
• FACTA
• CAN-SPAM
• TSR
• HITECH

Question 7

What is Section 5 of the FTC Act?

Answer 7

Allows regulation of unfair or deceptive acts or practices (UDAP).

Question 8

What is Section 6 of the FTC Act?

Answer 8

Grants investigative authority to the FTC.

Question 9

What does Section 5(L) authorize?

Answer 9

Administrative proceedings for cease-and-desist orders and penalties for repeat violations.

Question 10

What is a regulatory authority?

Answer 10

A federal or state agency authorized to implement and enforce legislation.

Question 11

How does the FTC learn about UDAP violations?

Answer 11

• Company filings
• Journalism
• Market competition

Question 12

What are the steps in an FTC enforcement action?

Answer 12

• Investigation
• Subpoena/testimony
• Administrative trial
• Decision
• Appeal to commissioners/federal court

Question 13

What additional actions can courts take beyond fines?

Answer 13

Order redress for consumers and issue injunctions.

Question 14

What is a consent decree?

Answer 14

• Settlement with FTC
• No admission of fault
• Company agrees to change practices

Question 15

Why are consent decrees published?

Answer 15

To guide other companies on acceptable practices.

Question 16

Who monitors violations of consent decrees?

Answer 16

• FTC Division of Enforcement
• U.S. Dept. of Justice

Question 17

What might a consent decree require?

Answer 17

• Specific actions
• Compliance proof
• Audits

Question 18

Why do companies agree to consent decrees?

Answer 18

• Avoid court
• Reduce costs
• Prevent bad press
• Protect practices

Question 19

What happens if a consent decree is violated?

Answer 19

Easier penalty assessment and enforcement.

Question 20

Who else enforces UDAP beyond the FTC?

Answer 20

State-level authorities and self-regulation bodies.

Question 21

What law governs FTC rulemaking instead of the APA?

Answer 21

Magnuson-Moss FTC Improvements Act (1975).

Question 22

What was the impact of West Virginia v. EPA?

Answer 22

SCOTUS invoked the ‘major questions doctrine’ to limit agency power

May constrain FTC rulemaking.

Question 23

What is the ‘major questions doctrine’?

Answer 23

Regulatory agencies need clear Congressional authority to issue significant rules.

Question 24

How does the FTC define commercial surveillance?

Answer 24

• collection
• aggregation
• analysis
• retention
• transfer
• monetization of commercial data and derivatives

Question 25

What are **dark patterns**?

Answer 25

Designs that **manipulate users** into disclosing PII or making purchases. ## Footnote e.g., hidden fees, hard cancellations

Question 26

Who typically enforces UDAP **at the state level**?

Answer 26

State Attorneys General | (AGs)

Question 27

What is meant by '**unconscionable practices**'?

Answer 27

**Harsh seller practices** that some states enforce under UDAP.

Question 28

What is **HIPAA's impact** on state privacy laws?

Answer 28

Many states **exempt HIPAA-regulated entities** and data.

Question 29

How does **GLBA affect state** privacy enforcement?

Answer 29

States like CO, CT, UT, and VA **exempt GLBA-regulated entities** and data.

Question 30

How is the **FCRA treated in state** privacy laws?

Answer 30

Many states **exempt FCRA-regulated entities** and data.

Question 31

What does the **DPPA** regulate?

Answer 31

Driver's personal data.

Question 32

What does the **Social Security Number Confidentiality Act** prohibit?

Answer 32

SSN **visibility through envelope windows** from the Treasury.

Question 33

How does DPPA **protect SSNs**?

Answer 33

* Treats them as highly restricted information * Limits DMV disclosures

Question 34

What does **COPPA** stand for?

Answer 34

Children's Online Privacy Protection Act

Question 35

Who does COPPA **protect**?

Answer 35

Children **under 13** in the U.S.

Question 36

What **services are covered** by COPPA?

Answer 36

**Websites** and **online services** that target children.

Question 37

Who **enforces** COPPA?

Answer 37

FTC and State Attorneys General

Question 38

What are **key requirements** under **COPPA**?

Answer 38

* Parental opt-in before collecting data * Privacy policy must explain collection * Link to privacy policy on every page collecting data

Question 39

What is **co-regulation** in COPPA?

Answer 39

Once FTC certifies a program, compliance with it is **sufficient to meet the statute**.

Question 40

What are examples of **COPPA seal programs**?

Answer 40

* Aristotle * CARU * ESRB * iKeepSafe * kidSAFE * PRIVO * TrustArc

Question 41

What is **DOPPA** and how does it differ from COPPA?

Answer 41

* Delaware law for **minors** under 18 * Bans ads for **illegal products** and limits some PII use

Question 42

How does **CCPA** address children's data?

Answer 42

* Bans sale of data under 16 without consent * 13-15-year-olds may opt-in themselves

Question 43

What is **Moore's Law**?

Answer 43

Computing power **doubles every 18-24 months** due to increased transistor density.

Question 44

Who **proposed** Moore's Law and **when**?

Answer 44

**Gordon Moore**, co-founder of Intel, in **1965**.

Question 45

What is the **First Law** of Asimov's Robotics?

Answer 45

A robot must **not harm a human** or allow harm through inaction.

Question 46

What is the **Second Law** of Asimov's Robotics?

Answer 46

A robot must **obey humans** unless this conflicts with the First Law.

Question 47

What is the **Third Law** of Asimov's Robotics?

Answer 47

A robot **must protect its own existence** unless this conflicts with the First or Second Law.