On December 18, 2020, the Irish Data Protection Commission (“DPC”) published its draft Fundamentals for a Child-Oriented Approach to Data Processing (the “Fundamentals”). The Fundamentals introduce child-specific data protection principles and measures, which are designed to protect children against data processing risks when they access services, both online and off-line. The DPC notes that all … Continue Reading
Judge Freeman of the U.S. District Court for the Northern District of California dismissed a class action against Google and several YouTube channel owners alleging various violations under California state law. Plaintiffs alleged Defendants infringed their children’s privacy and consumer rights by collecting personal information and delivering targeted advertisements while they viewed child-directed YouTube videos. … Continue Reading
The FTC recently updated Complying with COPPA: Frequently Asked Questions, the set of FAQs meant to provide informal guidance for complying with the Children’s Online Privacy Protection Act and the Commission-issued COPPA Rule. In an accompanying blog post, the FTC staff emphasized that the revisions to the FAQs “don’t raise new policy issues” and that … Continue Reading
On 10 September 2020, the European Commission proposed an interim regulation designed to enable online communications service providers to combat child sexual abuse online. Once in force, this regulation will provide a legal basis for providers to voluntarily scan communications or traffic data on their services for the limited purpose of detecting child sexual abuse … Continue Reading
On March 5, Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) introduced the Kids Internet Design and Safety (KIDS) Act. The bill, which covers online platforms directed to children and teenagers under 16 years old, aims to curb the time spent by these minors on such platforms and could dramatically affect advertising and influencer content … Continue Reading
On January 30, House Rep. Kathy Castor (D-FL) introduced the Protecting the Information of our Vulnerable Children and Youth (“PRIVCY”) Act, a bill that promises to be a significant overhaul of the Children’s Online Privacy Protection Act (“COPPA”). Currently, COPPA applies only to personal information collected from children under 13 years old. The PRIVCY Act … Continue Reading
On October 22, 2019, the Federal Trade Commission reached a proposed settlement with the developer of three so-called “stalking” apps that enabled purchasers of the app to secretly monitor the mobile devices on which they were installed. Developer Retina-X Studios, LLC and its owner James N. Johns marketed the three apps—MobileSpy, PhoneSheriff, and TeenShield—as a … Continue Reading
Yesterday, the Federal Trade Commission (“FTC”) and the New York Attorney General’s office (“NYAG”) settled allegations against Google LLC and its subsidiary YouTube, LLC claiming violations of the Children’s Online Privacy Protection Act and its implementing rule (together, “COPPA”). The settlement requires Google and YouTube to pay $136 million to the FTC and $34 million … Continue Reading
On May 31, 2019, the Cyberspace Administration of China (“CAC”) released the draft Regulation on the Protection of Children’s Personal Information Online (“Draft Regulation”) for public comment. (An official Chinese version is available here and an unofficial English translation of the Draft Regulation is available here.) The comment period ends on June 30, 2019. As mentioned … Continue Reading
Earlier this month, the UK’s Information Commissioner’s Office published a draft code of practice (“Code”) on designing online services for children. The Code is now open for public consultation until May 31, 2019. The Code sets out 16 standards of “age appropriate design” with which online service providers should comply when designing online services (such … Continue Reading
Having received Royal Assent on May 23, 2018, the UK Data Protection Bill is now an Act of Parliament. The Data Protection Act 2018 (the “Act”) implements the General Data Protection Regulation (“GDPR”) and replaces the UK Data Protection Act 1998. Notable provisions that make use of the ability of Member States to implement different … Continue Reading
In both the Senate and the House, a bipartisan group of lawmakers has reintroduced a bill to update the Children’s Online Privacy Protection Act of 1998 (COPPA). Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn) and Reps. Joe Barton (R-Texas) and Bobby Rush (D-Ill.) have introduced the Do Not Track Kids Act. The bill would … Continue Reading
On Monday, the Federal Trade Commission (FTC) entered into a settlement with Nevada-based Prime Sites, Inc., doing business as Explore Talent, related to charges that Explore Talent violated the Children’s Online Privacy Protection Act (COPPA). Explore Talent, an online talent search company, will pay $235,000 in civil penalties. According to the FTC’s complaint, Explore Talent … Continue Reading
The Article 29 Working Party (WP29) has published long-awaited draft guidance on transparency and consent under the General Data Protection Regulation (“GDPR”). We are continuing to analyze the lengthy guidance documents, but wanted to highlight some immediate reactions and aspects of the guidance that we think will be of interest to clients and other readers … Continue Reading
Earlier this week, the Federal Trade Commission and Department of Education announced plans to hold a joint workshop on the application of the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act (“FERPA”) to educational technology products and services in the K-12 school environment. In advance of the workshop, the … Continue Reading
The FTC staff published today a “Six-Step Compliance Plan” for businesses to comply with the Children’s Online Privacy Protection Act (COPPA). The guidance, which provides a useful framework for businesses, states explicitly that COPPA applies to connected toys and other devices that collect personal information from children over the Internet. The FTC’s 2013 revisions to the COPPA Rule greatly expanded … Continue Reading
Yesterday, the Supreme Court denied certiorari in In re Nickelodeon Consumer Privacy Litigation, a case addressing whether static digital identifiers like internet protocol (IP) addresses qualify as personally identifiable information (PII) under the Video Privacy Protection Act (VPPA). As a result, the Third Circuit’s June 27, 2016 decision in the case—which held that IP addresses … Continue Reading
China’s top internet regulator, the Cyberspace Administration of China (“CAC”), continues to show interest in setting more stringent rules governing the protection of minors in the context of online activities and data privacy. Immediately prior to the October holiday, CAC released for public comment new draft regulations aimed at protecting minors on the Internet, the … Continue Reading
In an example of successful industry self-regulation, the website DorkDiaries.com revised its privacy practices for children’s data, following an inquiry from the Children’s Advertising Review Unit (CARU). CARU, the children’s arm of the advertising industry’s system of self-regulation, monitors advertising to children in all media. As part of that effort, it examines websites and apps … Continue Reading
Under the Children’s Online Privacy Protection Act (COPPA), operators of certain websites, mobile applications, and other online services must provide parents notice and obtain verifiable parental consent before collecting, using, or disclosing personal information from children under the age of 13 online. The FTC has approved a new facial-recognition based method to comply with COPPA, … Continue Reading
By Megan L. Rodgers What information is being collected by mobile apps and websites directed at kids? With whom is that information shared? What notice is provided to parents? Regulators in the U.S. and abroad continue to focus on these issues. The FTC recently released a follow-up report on privacy notices in mobile apps directed … Continue Reading
By Ani Gevorkian The FTC has issued a request for public comment regarding Riyo’s application to recognize a new proposed verifiable parental consent method under the FTC’s Children’s Online Privacy Protection Act Rule. The Rule, which implements the Children’s Online Privacy Protection Act (COPPA), requires certain website operators, mobile applications, and other online services to … Continue Reading
In late December 2014, the FTC staff sent China-based mobile app developer BabyBus a letter warning the company that several of its apps may violate the FTC’s Children’s Online Privacy Protection Act (COPPA) Rule. Staff alleged that the apps are marketed for young children and “use cartoon characters to teach children letters, counting, shapes, music, … Continue Reading
The Federal Trade Commission (“FTC”) recently reiterated its support for the use of “common consent” mechanisms that permit multiple operators to use a single system for providing notices and obtaining verifiable consent under the Children’s Online Privacy Protection Act (“COPPA”). COPPA generally requires operators of websites or online services that are directed to children under … Continue Reading
