The New Jersey Attorney General and Division of Consumer Affairs have announced a settlement with 24x7digital, the developer of the “TeachMe” mobile apps for preschool through second-grade children, to resolve claims that the company violated the federal Children’s Online Privacy Protection Act (“COPPA”).   

The state alleged that children were encouraged to submit their full names, along with a photograph, when they created user profiles, and that the apps disclosed the user’s full name and the mobile device’s unique device identifier (“UDID”) to a third-party data analytics company.  According to the state’s complaint, 24x7digital ran afoul of COPPA by failing to provide notice or obtain parental consent before collecting, using, and disclosing the children’s personal information online. 

Under the statute, a state attorney general may sue for violations of COPPA on behalf of the residents of the state to (i) enjoin the practice; (ii) enforce compliance with the FTC’s COPPA rule; (iii) obtain damage, restitution, or other compensation on behalf of the state’s residents; or (iv) obtain such other relief as the court may consider to be appropriate.  However, before filing the action, the attorney general typically must notify the FTC and provide a copy of the complaint. The FTC then has the option of intervening in the case. 

Although this is not the first COPPA action that a state has brought (Texas sued three website operators in 2007), most states have left COPPA enforcement to the FTC. With increased attention on the privacy practices of mobile apps, however, these kinds of cases may become more common. For its part, the New Jersey AG has stated that it will continue to investigate other mobile applications to determine if they are unlawfully sharing users’ personal information.

Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.