Children

Last Friday the California Senate unanimously passed legislation titled, “Privacy Rights for California Minors in the Digital World,” which prohibits certain types of marketing to minors (defined as a natural person under the age of 18 residing in California) and allows minors to delete materials they have posted online.  The bill, which already cleared the California Assembly, now has been sent to Governor Jerry Brown for approval.  If signed into law, the legislation would be effective beginning January 1, 2015. 

The bill, S.B. 365, which was introduced by Senator Darrell Steinberg, adds two new sections to the California Business & Professions Code.

Section 22580 would:

  • Prohibit an operator of a website, online service or application, or mobile application that is directed to minors from marketing or advertising on the service or application certain enumerated products or services that minors cannot otherwise legally purchase or use.  While some of these products and services may be obvious—e.g., alcohol, firearms, tobacco, and obscene materials—others—e.g., tanning and etching cream that is capable of defacing property—may be less so.  
  • Prohibit an operator of a website, online service or application, or mobile application from marketing or advertising the enumerated products or services where the operator has actual knowledge a minor is using its service or application, if the marketing or advertising is directed to that minor based on information specific to the minor such as profile, activity, address, or location, but excluding IP addresses and product identification numbers.  The operator shall be deemed in compliance with this provision if it takes reasonable actions in good faith designed to avoid marketing or advertising under these circumstances.
  • Prohibit an operator of a website, online service or application, or mobile application that is directed to minors or who has actual knowledge that a minor is using its service or application from knowingly using, disclosing, or compiling the personal information of a minor (or allowing a third party to do so) with actual knowledge that such activity is for purposes of marketing or advertising the enumerated products or services to that minor. 
  • These prohibitions do not apply, however, to the incidental placement of products or services embedded in content, if the content is not distributed by or at the direction of the operator primarily for the purposes of marketing and advertising the enumerated products or services.
  • Additionally, “marketing or advertising” is defined to require an “exchange for monetary compensation” in order “to make a communication to one or more individuals, or to arrange for the dissemination to the public of a communication, about a product or service the primary purpose of which is to encourage recipients of the communication to purchase or use the product or service.”  Thus, social media content or applications that only promote an enumerated product or service without paid placement would not fall within the scope of the bill. 

Continue Reading CA Legislature Passes Bill Establishing Online Protections for Minors

The Federal Trade Commission has sent letters to more than 90 different companies who develop mobile apps that the FTC claims may be directed to children.  The letters emphasize that the FTC has not evaluated the apps or the companies’ practices to determine if they comply with the current or revised

Continue Reading FTC Reminds Mobile App Developers To Comply With Revised Children’s Privacy Requirements By July 1

The Federal Trade Commission (FTC) has voted unanimously to retain the July 1, 2013 effective date for its revisions to the rule implementing the Children’s Online Privacy Protection Act (COPPA).  As we previously wrote, the FTC adopted significant revisions to the COPPA rule in December 2012 and established a July

Continue Reading FTC Votes To Retain July 1 Compliance Date for Revised COPPA Rule

Last week, the California Senate unanimously passed a bill that would give California minors the right to “remove content or information” that they submit to websites, online services, online applications, or mobile applications.  The term “content or information” is not defined, and could be interpreted broadly to include any text, photos, videos, audio files, or other information provided by the minor.  Under S.B. 568, if a user under the age of eighteen years-old posted content or information on a website, online service, online application, or mobile application and later decided that he would like to have the content or information deleted, the operator of the website, online service, online application, or mobile application would be required to comply with this request. 

This requirement is subject to two important exceptions; websites, online services, online applications, and mobile applications would not be required to erase or eliminate content or information upon request (1) when other state or federal law requires that the site or service maintain the content or information, or (2) when the content or information is submitted by a third party other than the minor, or a third party republishes or resubmits content originally posted by the minor. Continue Reading California Senate Unanimously Passes Online Privacy Bill That Would Give Minors an “Eraser Button”

The Federal Trade Commission has released its much anticipated revised COPPA FAQs.  Although these FAQs are not legally binding, they provide informal guidance to industry on staff’s interpretations of the COPPA Rule. 

For the most part, the FAQs reiterate past guidance and emphasize key provisions of the new COPPA Rule and its Statement of Basis and Purpose.  However, here are 5 key things that the revised COPPA FAQs clarify:

  1. Operators are not legally required to obtain parental consent for certain information that was collected before the effective date of the new COPPA Rule and that was not considered “personal information” under the original COPPA Rule.  Specifically, parental consent is not required for the following categories of information that were collected before July 1, 2013:  (1) photos, videos, and audio files containing a child’s image or voice; (2) screen or user names that function as online contact information (unless the operator combines them with new information after July 1, 2013); and (3) persistent identifiers (unless the operator continues to collect the persistent identifiers or combines them with new information after July 1, 2013).  (FAQ 4)
  2. Operators of child-directed sites and online services that do not target children as their primary audience may not block children from participating in the site or service altogether, although the operator may offer different activities to users based on age. (FAQ 38) This would seem to allow an operator to block the child from all interactive features that could enable the sharing of personal information, as long as the child can continue to use portions of the site that do not require or enable the sharing of personal information. 
  3. Third-party services that are integrated on child-directed sites will be deemed to have “actual knowledge” if, in the future, a formal industry standard or agreed-upon convention is developed under which sites or services signal their child-directed nature to integrated third parties.  However, the mere collection of a URL from a child-directed site or service is unlikely to constitute actual knowledge.  (FAQ 39)  This guidance builds on a blog post published by the FTC’s Chief Technologist, Steve Bellovin.
  4. An operator of a child-directed site or service does not need to notify parents or obtain parental consent before collecting pictures from children, as long as it either blurs the child’s facial features or prescreens and deletes photos of children before posting them online.  (FAQs 43-45)  (But don’t forget to scrub for metadata as well — photo metadata that contains precise geolocation information may trigger the COPPA Rule.)
  5. A third party who is integrated on a child-directed site may rely on the “support for internal operations” exception to support the third-party’s own internal operations.  There actually was text in the final COPPA Rule’s Statement of Basis and Purpose supporting this point, but the revised COPPA FAQs make this point crystal clear.  (FAQ 77)

In addition, the COPPA FAQs clarify how the COPPA Rule applies in the classroom:Continue Reading FTC Releases Revised COPPA FAQs: Here’s What’s New

The Federal Trade Commission has released its revised final rule implementing the Children’s Online Privacy Protection Act (“COPPA”), which governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that a user is under 13.

The Commission retained the “e-mail plus” consent method and supported a number of new parental consent methods, streamlined the notice requirements, and encouraged the use of automatic filtering tools.  Although the Commission pushed forward with its proposal to define “personal information” to include persistent identifiers, it also broadened the definition of support for internal operations.  Below is a summary of the highlights. 

Continue Reading FTC Adopts Final COPPA Rule: What Businesses Should Know

Earlier today, the Federal Trade Commission announced a two-week extension for submitting comments on the FTC’s latest proposed revisions to the rule implementing the Children’s Online Privacy Protection Act (“COPPA”).  In place of the original September 10, 2012, deadline, comments will now be accepted until September 24, 2012.

The FTC

Continue Reading COPPA Comments Now Due September 24, 2012

Earlier this morning, the FTC proposed additional revisions to the rule implementing the Children’s Online Privacy Protection Act (“COPPA”).  COPPA governs the online collection, use, and disclosure of children’s personal information by (1) operators of websites and online services that are directed to children under the age of 13 and
Continue Reading FTC Proposes Additional Revisions to COPPA Rule