parental consent

On June 9, 2021, the French Supervisory Authority (“CNIL”) published recommendations to help strengthen the protection of minors online (see here, in French).  These recommendations are the result of a survey and public consultation conducted by the CNIL in 2020, which focused on the digital practices of minors (see our blog post here).  The results of the CNIL’s survey and public consultation indicate that children are accessing the Internet at an early age on a “massive” scale.  In light of this reality, the CNIL underscores the importance of ensuring that minors benefit from the effective protection of their personal data when engaging online.
Continue Reading French CNIL Publishes Recommendations for Protecting Minors Online

The Article 29 Working Party (WP29) has published long-awaited draft guidance on transparency and consent under the General Data Protection Regulation (“GDPR”).  We are continuing to analyze the lengthy guidance documents, but wanted to highlight some immediate reactions and aspects of the guidance that we think will be of interest to clients and other readers of InsidePrivacy.  The draft guidance is open for consultation until 23 January 2018.
Continue Reading EU Regulators Provide Guidance on Notice and Consent under GDPR

By Ani Gevorkian

The FTC has issued a request for public comment regarding Riyo’s application to recognize a new proposed verifiable parental consent method under the FTC’s Children’s Online Privacy Protection Act Rule.  The Rule, which implements the Children’s Online Privacy Protection Act (COPPA), requires certain website operators, mobile applications, and other online services to

As part of our continuing coverage of the Congressional Privacy Bill, we provide below a deeper examination and explanation of Title II of the bill, the Do Not Track Kids Act of 2015.  The Do Not Track Kids Act of 2015 amends the Children’s Online Privacy Protection Act (“COPPA”) by making its protections more expansive and robust.  Specifically, the bill extends COPPA’s protections to teenagers, expands the scope of the entities subject to COPPA’s provisions, and imposes new obligations on those entities.

COPPA currently requires websites and online services that knowingly collect information from children under the age of 13 or that are targeted toward children under the age of 13 to make certain disclosures and obtain parental consent before collecting and using personally identifiable information obtained from children.
Continue Reading Congressional Privacy Bill: Do Not Track Kids Act of 2015

Last weekend at South by Southwest (“SXSW”) Interactive, a panel promoted the notion that it is in fact possible to harmonize innovation with kids’ privacy in the app space, but that doing so involves “a lot of work.”  In particular, the panel suggested that it takes a conscious desire on the part of app developers to create brands and interfaces that build in transparency, with the specific purpose of inspiring parent trust.  The panel featured Lorraine Akemann, Co-Founder of Moms with Apps; Elana Zeide, Privacy Research Fellow at New York University’s Information Law Institute; and moderator Sara Kloek, Director of Outreach at the Association for Competitive Technology.  It was one of the few privacy events at SXSW Interactive focused on children.Continue Reading Covington at #SXSW: Can Innovation and Kids’ Privacy Coexist?

The FTC has denied AssertID’s request to recognize a new method for obtaining verifiable parental consent for the online collection, use, and disclosure of personal information from children under 13.  The application was the first of its kind to be filed since the FTC added a voluntary parental consent approval process to its revised rule implementing

Online advertiser ScanScout has entered into a consent agreement with the Federal Trade Commission in connection with claims it made that consumers could opt out of receiving targeted ads by changing their computer’s web browser settings to block cookies.  According to the FTC, these claims were deceptive with respect to the use of so-called “Flash cookies” since browser settings did not allow users to remove or block the Flash cookies used by the company.  Flash cookies generally cannot be controlled through browser privacy settings, in contrast to traditional “HTTP” cookies.

Under the terms of the proposed settlement, ScanScout must post a prominent notice on its home page stating the following:  “We collect information about your activities on certain websites to send you targeted ads. To opt out of our targeted advertisements, click here.”  The company must provide a hyperlink to an opt-out mechanism that offers users the ability – through a single click or a single change to a browser setting – to prevent the company from:

  • collecting information that can identify the user or her computer;
  • associating any previously collected data with the user; or
  • in the absence of any affirmative action by the user, redirecting the user’s browser to third parties that collect data. 

The opt out choice must remain in effect for a minimum of five years.  There also must be a clear and prominent notice within close proximity of the opt out mechanism that provides certain additional disclosures, including the current status of the user’s choice and any circumstances that, if initiated by the user, would disable the choice made by a user. Continue Reading FTC Settles Flash Cookie and COPPA Claims

The Children’s Online Privacy Protection Act (“COPPA”) provides a safe harbor for companies that comply with FTC-approved self-regulatory guidelines.  Since COPPA’s enactment, the FTC has approved proposals submitted by CARU, ESRB, TRUSTe, and Privo, Inc.  

Aristotle, which operates the Integrity suite of age and identity verification services, recently filed an application with the FTC to become an FTC-approved safe harbor program.