The Ninth Circuit recently held that the Children’s Online Privacy Protection Act, which gives the Federal Trade Commission  authority to regulate the online collection of personal information from children under the age of 13, does not preempt consistent state law, potentially increasing the risk of class action litigation based on alleged COPPA violations.  See Jones

Last week, New Jersey Assemblyman Herb Conway Jr. introduced a bill similar to the California Age-Appropriate Design Code (“CA AADC”) enacted in September.  The bill, NJ A4919, tracks the CA AADC in many respects but contains several notable differences, which we summarize below:

  • Covered businesses.  The CA AADC applies to any online service,

On Wednesday, the Federal Trade Commission (“FTC”) hosted a virtual event on “Protecting Kids from Stealth Advertising in Digital Media.”  The event featured industry professionals, legal and child development experts, researchers, and consumer advocates to discuss the regulation of digital advertising to children.  Panelists examined the online advertising techniques children are exposed to, children’s capacity to understand and recognize advertising, and the potential harms associated with advertising in an ever-evolving digital landscape.   

Continue Reading FTC Hosts Event Regarding Children’s Experiences with Digital Advertising

On September 8, 2022, the Brazilian Data Protection Authority (“ANPD”) launched a public consultation on the processing of minors’ personal data (encompassing children under 12-years-old and adolescents between the ages of 12- and 18-years-old).  The consultation will conclude on October 7, 2022.  According to the ANPD, the purpose of the consultation is to resolve divergent interpretations among public authorities, academics, privacy professionals, and representatives of civil society regarding the Brazilian Data Protection Law’s (“LGPD”) provision on the processing of minors’ personal data (Article 14).  The Authority will use the feedback it receives to draw up guidelines on the topic and, possibly, amend the LGPD.

Continue Reading Brazil’s ANPD Launches Public Consultation on the Processing of Minors’ Personal Data

On June 14, 2022, representatives of the EU’s Consumer Protection Cooperation (CPC) Network, together with several national data protection authorities in the EU and the secretariat of the European Data Protection Board (“EDPB”), endorsed five key principles for fair advertising to children (see press release here).  These recommendations are based on relevant requirements

Today, the Federal Trade Commission (FTC) announced that it anticipates proposing a privacy rulemaking this month, with comments closing in August.  This announcement follows the agency’s statement in December that it planned to begin a rulemaking to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.” 

On May 25, 2022, the Irish Data Protection Commission (“DPC”) issued 3 short guides for children, with the objective of raising awareness among adolescents about data protection and their privacy rights, as well as serving as a resource “for parents, educators and anyone [else] interested in children’s safety and wellbeing online”. The 3 guides

On May 19, the Federal Trade Commission (“FTC”) adopted, on a unanimous basis, a policy statement reminding educational technology vendors (“ed tech vendors”) of their duty to comply with the substantive privacy protections of the Children’s Online Privacy Protection Act (“COPPA”) and the Commission-issued COPPA Rule.  The policy statement reiterates the requirements of the Rule and previous informal guidance from Commission staff, and makes clear that ed tech vendors may not submit children to commercial surveillance and data monetization practices when using technology in the classroom.

Continue Reading FTC Unanimously Adopts Policy Statement on Education Technology and COPPA

Last week, Senators Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) introduced the bipartisan Kids Online Safety Act (“KOSA”), which would impose new safeguards, tools, and transparency requirements for minors online.  The bill applies to entities that are a “commercial software application or electronic service that connects to the internet and that is used, or is

2021 was another busy year for data privacy regulatory enforcement and litigation. With some distance to reflect on last year, we have prepared this post identifying and describing important trends from 2021 that can help provide insight into what to expect in the data privacy landscape in 2022.

Data Privacy Regulatory Enforcement Trends

Federal Trade Commission (FTC) and state enforcement action in 2021 centered on several key areas, including protecting children.

An FTC enforcement action last year alleged that the maker of an online coloring book application violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information about children who used the app without notifying their parents and obtaining their consent.  The allegations note that the app included a “Kids” category that was targeted to children.  The FTC further claimed that the app’s social media features collected personal information from users and that some parents, lacking knowledge of these features, may have inadvertently permitted their young children to use the app.
Continue Reading 2021 Trends in Privacy Regulatory Enforcement and Litigation