Increased concern about data privacy has prompted new and updated data
protection regulations worldwide. However, there has been no rigorous way to
test whether the practices mandated by these regulations actually align with
the privacy norms of affected populations. Here, we demonstrate that surveys
based on the theory of contextual integrity provide a quantifiable and scalable
method for measuring the conformity of specific regulatory provisions to
privacy norms. We apply this method to the U.S. Children's Online Privacy
Protection Act (COPPA), surveying 195 parents and providing the first data that
COPPA's mandates generally align with parents' privacy expectations for
Internet-connected "smart" children's toys. Nevertheless, variations in the
acceptability of data collection across specific smart toys, information types,
parent ages, and other conditions emphasize the importance of detailed
contextual factors to privacy norms, which may not be adequately captured by
COPPA.Comment: 18 pages, 1 table, 4 figures, 2 appendice
