Making good on its warnings that mobile apps will be an enforcement priority under the revised Children’s Online Privacy Protection Act (“COPPA”) Rule, the FTC has announced two settlements with mobile app developers:

  1. TinyCo., the developer of several child-directed mobile apps, will pay $300,000 to settle charges that it violated COPPA by collecting children’s email addresses through its mobile app without sufficient notice and parental consent.
  2. Yelp, the developer of a general-audience mobile app for user-generated reviews of restaurants and other businesses, will pay $450,000 to settle charges that a technical glitch allowed children under 13 to register without parental notice and consent.

While the settlements are getting a lot of attention in the press, the complaints are perhaps most interesting in that they continue the general trend of FTC enforcement actions addressing clear-cut cases of a company collecting children’s personal information (such as e-mail addresses) without providing parents notice or obtaining parental consent.  The FTC’s settlements to date have not included allegations related to online behavioral advertising, social plugins, or similar issues involving the integration of third-party services.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.