Children's Online Privacy Protection Act

On October 22, 2019, the Federal Trade Commission reached a proposed settlement with the developer of three so-called “stalking” apps that enabled purchasers of the app to secretly monitor the mobile devices on which they were installed.  Developer Retina-X Studios, LLC and its owner James N. Johns marketed the three apps—MobileSpy, PhoneSheriff, and TeenShield—as a means to monitor children and employees by sharing detailed information about these individuals’ smart phone activities, including their text messages and GPS locations.  The FTC complaint alleges that the developer failed to ensure that the apps would be used for legitimate and lawful purposes, did not secure personal information collected from children and other users, and misrepresented the extent to which that information would be kept confidential.

While the FTC settlement represents its first case against developers of tracking apps, the complaint’s allegations rely on provisions of the FTC Act that are broadly applicable to companies that collect, store, and/or monitor users’ personal information, as well as the Children’s Online Privacy Protection Act (“COPPA”): 
Continue Reading FTC Reaches Settlement with Developer of Tracking Apps

Earlier this week, the Federal Trade Commission and Department of Education announced plans to hold a joint workshop on the application of the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act (“FERPA”) to educational technology products and services in the K-12 school environment.  In advance of the workshop, the FTC and Department of Education are soliciting comments on several key questions regarding COPPA and FERPA compliance for educational technology providers.  This is a valuable opportunity for Ed Tech providers to provide feedback to both agencies on the practical application of COPPA and FERPA in this arena.

Continue Reading FTC and Department of Education Announce Joint Workshop on FERPA and COPPA Compliance for Ed Tech

The FTC staff published today a “Six-Step Compliance Plan” for businesses to comply with the Children’s Online Privacy Protection Act (COPPA).

The guidance, which provides a useful framework for businesses, states explicitly that COPPA applies to connected toys and other devices that collect personal information from children over the Internet.  The FTC’s 2013

By Megan L. Rodgers

What information is being collected by mobile apps and websites directed at kids? With whom is that information shared? What notice is provided to parents? Regulators in the U.S. and abroad continue to focus on these issues.

The FTC recently released a follow-up report on privacy notices in mobile apps directed at kids. The report follows two FTC kids’ app surveys released in February 2012 and December 2012, and a campaign by the FTC to bring all apps in compliance with the revised COPPA Rule by July 1, 2013.

How did mobile apps directed at children fare? The results were mixed. The FTC looked at hundreds of mobile apps and noted that there has been “a step in the right direction” since their last survey, but the FTC was careful to point out that “there’s more work to be done.” In December 2012, only 20% of apps had a link to a privacy policy available to parents before downloading the app; today, the number of apps with direct links to a privacy policy is 45%. Although this is an improvement, the FTC said that for many kids’ apps, parents still do not have an easy way to learn about data collection and usage practices.
Continue Reading Regulators in the U.S. and U.K. Monitoring Mobile Apps and Websites Directed at Children

By Ani Gevorkian

The FTC has issued a request for public comment regarding Riyo’s application to recognize a new proposed verifiable parental consent method under the FTC’s Children’s Online Privacy Protection Act Rule.  The Rule, which implements the Children’s Online Privacy Protection Act (COPPA), requires certain website operators, mobile applications, and other online services to

As part of our continuing coverage of the Congressional Privacy Bill, we provide below a deeper examination and explanation of Title II of the bill, the Do Not Track Kids Act of 2015.  The Do Not Track Kids Act of 2015 amends the Children’s Online Privacy Protection Act (“COPPA”) by making its protections more expansive and robust.  Specifically, the bill extends COPPA’s protections to teenagers, expands the scope of the entities subject to COPPA’s provisions, and imposes new obligations on those entities.

COPPA currently requires websites and online services that knowingly collect information from children under the age of 13 or that are targeted toward children under the age of 13 to make certain disclosures and obtain parental consent before collecting and using personally identifiable information obtained from children.
Continue Reading Congressional Privacy Bill: Do Not Track Kids Act of 2015

In late December 2014, the FTC staff sent China-based mobile app developer BabyBus a letter warning the company that several of its apps may violate the FTC’s Children’s Online Privacy Protection Act (COPPA) Rule. Staff alleged that the apps are marketed for young children and “use cartoon characters to teach children letters, counting, shapes, music, and matching.” The FTC claimed the company must comply with the COPPA Rule’s notice, verifiable parental consent, and other requirements because some of the apps collect precise geolocation information that is shared with third parties, such as advertising networks or analytics companies. The letter warned that staff will review the apps again and encouraged the developer to take steps to comply with COPPA.
Continue Reading FTC Warns Foreign Mobile-App Developer To Comply With COPPA

Making good on its warnings that mobile apps will be an enforcement priority under the revised Children’s Online Privacy Protection Act (“COPPA”) Rule, the FTC has announced two settlements with mobile app developers:

  1. TinyCo., the developer of several child-directed mobile apps, will pay $300,000 to settle charges that it violated COPPA by collecting children’s email

The FTC staff has posted revisions to three Frequently Asked Questions (“FAQs”) related to obtaining verifiable parental consent under its COPPA Rule. For a comparison of the old and new FAQs, click here.

Although the changes (which include a new FAQ H.16) may appear substantial, they mostly reaffirm the FTC’s longstanding position that the

Last weekend at South by Southwest (“SXSW”) Interactive, a panel promoted the notion that it is in fact possible to harmonize innovation with kids’ privacy in the app space, but that doing so involves “a lot of work.”  In particular, the panel suggested that it takes a conscious desire on the part of app developers to create brands and interfaces that build in transparency, with the specific purpose of inspiring parent trust.  The panel featured Lorraine Akemann, Co-Founder of Moms with Apps; Elana Zeide, Privacy Research Fellow at New York University’s Information Law Institute; and moderator Sara Kloek, Director of Outreach at the Association for Competitive Technology.  It was one of the few privacy events at SXSW Interactive focused on children.

Continue Reading Covington at #SXSW: Can Innovation and Kids’ Privacy Coexist?