The Software & Information Industry Association (SIIA) expresses gratitude for the opportunity to comment on the Advanced Notice of Proposed Rulemaking regarding the New York Child Data Protection Act. SIIA emphasizes the importance of balancing child privacy with access to critical online tools and information, advocating for clarity in the law to support educational systems. They highlight concerns about potential conflicts between the Child Data Protection Act (CDPA) and existing Education Law § 2D, which protects student data, urging the Office of the Attorney General (OAG) to clarify that educational technology products used by schools should not be classified as primarily directed at minors. This clarification is crucial to ensure that schools can effectively collect and protect student data without undue restrictions.
SIIA also provides recommendations for various aspects of the CDPA, including the definition of personal data and the processing of such data without consent. They argue that anonymized data should be excluded from the definition of personal data to avoid disincentivizing data protection efforts. Additionally, SIIA urges the OAG to adopt a consistent approach in assessing what constitutes a website or service primarily directed at minors, suggesting that existing frameworks like the Children’s Online Privacy Protection Act (COPPA) be leveraged. They call for careful consideration of how informed consent is obtained and propose that regulations should facilitate the provision of age-appropriate content without imposing excessive burdens on operators. Overall, SIIA advocates for a balanced approach that prioritizes both privacy and the educational needs of minors.