As we promised in our post on the Yelp and TinyCo Federal Trade Commission COPPA enforcement actions, the Mintz Privacy Team has prepared an extensive review and analysis of both actions, and a helpful guide to avoiding COPPA violations.
Client Advisory is available here. Continue Reading Time to Step Up Your COPPA Compliance
Written by Julia Siripurapu, CIPP
As we predicted in prior blog posts (here and here), the Federal Trade Commission has begun its vigorous enforcement of the Amended COPPA Rule. And one of the players is not a child-related site, so read on. Continue Reading BREAKING NEWS: THE COPPA ENFORCEMENT ACTIONS ARE HERE!
Written by Julia Siripurapu, CIPP/US
According to recent media reports, Google is allegedly designing a Google account for children under 13 which would permit children in this age group to officially create their own Gmail account and to access a kid-friendly version of YouTube. Google currently prohibits children 12 and under from creating a Google account by implementing an age neutral verification mechanism in the account creation process and using cookies to ensure that children cannot bypass the age screen on a subsequent try. As reported by the Wall Street Journal, “now Google is trying to establish a new system that lets parents set up accounts for their kids, control how they use Google services and what information is collected about their offspring… Google wants to make the process easier and compliant with the rules.”
The reported initiative, which has not yet been confirmed by Google, is certainly very interesting and would clearly require the tech giant to comply with the Children’s Online Privacy Protection Act (“COPPA”) and its implementing rule (as amended, the “COPPA Rule”). It will be especially interesting to see how Google handles the advertising component of the service, which is a major piece of its business. In order to comply with COPPA, Google would have to engineer and design the new service based on the requirements of the COPPA Rule. PC Magazine reported in its story that “as part of the move, Google will also introduce a dashboard where parents can oversee their kids’ activities.” This seems like a step in the right direction for Google, but it will be a long journey! As we all know, the COPPA Rule goes far beyond giving parents the right and ability to monitor their children’s online activities and includes, among other requirements, complex, parental notice and verifiable consent requirements. You can link here for a copy of the Mintz Levin Guide to COPPA.
As the first company that would offer an online service specifically targeting children under 13, Google would certainly be in the spotlight and the new service would be closely monitored by the privacy community and the FTC. In fact, privacy advocacy groups, like the Center for Digital Democracy (CDD), have already voiced concern, as reported by the Wall Street Journal, that “Unless Google does this right it will threaten the privacy of millions of children and deny parents the ability to make meaningful decisions about who can collect information on their kids.” CDD’s executive director, Jeff Chester, informed the Wall Street Journal that the CDD shared its concerns with the Federal Trade Commission on Monday and that the organization is in the process of creating an action plan for monitoring how Google rolls out the service to children. The Wall Street journal also reported that the FTC declined to comment on the matter, “saying the agency does not comment on specific companies’ plans.”
Written by Julia Siripurapu, CIPP
U.S. District Court Judge Ronald M. Whyte has issued an order granting in part and denying in part Google’s Motion to Dismiss the class action filed against the Company on March 7 in the U.S. District Court for the Northern District of California as a result of unauthorized children’s in-app purchases in the Google Play Store. As discussed in detail in our prior blog post, the lawsuit was filed by a New York mother on behalf of herself and other parents whose minor children downloaded free or relatively inexpensive child-directed games from the Google Play store and then incurred charges for purchasing items that cost money within the app without parental consent or authorization. Continue Reading Update on Google Unauthorized Children’s In-App Purchase Class Action: THE SHOW MUST GO ON!
Written by Julia Siripurapu, CIPP/US
Some clarification and a bit more flexibility was forthcoming late last week from the Federal Trade Commission to help ease compliance with the “new” COPPA.
In its recent update to three FAQs in Section H (Verifiable Parental Consent) of the COPPA FAQs , the FTC provided important information on the topic of verifiable parental consent. The revisions are particularly important for the mobile application market since it is now very clear that developers of mobile applications directed to children under 13 can use an app store to obtain verifiable parental consent and that the app stores providing the verifiable parental consent mechanism “will not be liable under COPPA for failing to investigate the privacy practices of the operators for whom you obtain consent.” Continue Reading COPPA Update: FTC Provides More Flexibility on Obtaining Verifiable Parental Consent
FTC Sues Amazon Over In-App Purchases Made by Children
Written by Jake Romero, CIPP
Children, according to Whitney Houston, are our future, but they are also, according to the Federal Trade Commission, willing to spend unlimited amounts of money to purchase virtual items within mobile applications. In a lawsuit filed after Amazon.com, Inc. resisted a settlement offer similar to the FTC’s settlement with Apple, Inc., the FTC claims that Amazon allowed millions of dollars of in-app purchases from children on the mobile application store installed on its Kindle Fire devices and on mobile devices running the Android operating system. In response to the alleged unfair practices, the FTC is seeking an injunction against Amazon and restitution to Amazon consumers. Continue Reading Privacy Monday: July 14, 2014
Written by Julia Siripurapu, CIPP
Just a little over a month after settling charges of false promises of disappearing user messages (among other things) with the Federal Trade Commission (“FTC”), mobile app developer Snapchat, Inc. (“Snapchat” or “Company”) announced (blog post) that on June 12th the Company entered into an agreement with the Office of Maryland Attorney General Douglas Gansler to resolve similar claims of consumer deception as well as additional allegations of failure to comply with the Children’s Online Privacy Protection Act (“COPPA”) and its implementing rule (as amended, the “COPPA Rule”). Continue Reading Round Two for Snapchat: Agreement with the Maryland Attorney General Settling Claims of Consumer Deception and COPPA Violations
Written by Julia Siripurapu, CIPP
The FTC has just published updates to the COPPA FAQs, the Commission’s compliance guide for businesses and consumers, to address the applicability of COPPA and the Amended COPPA Rule to educational institutions and businesses that provide online services, including mobile apps, to educational institutions.
The “COPPA and Schools” FAQs cover in detail the key topic of consent in the school setting and provide compliance guidance for covered entities. Continue Reading FTC Updates COPPA FAQs to Address Education Space
Written by Julia Siripurapu, CIPP/US
Delaware state representative Darryl Scott recently introduced the Child Online Protection Act (House Bill 261 or the “Bill”), to the state’s House of Representatives. If passed, the Bill would: (1) prohibit the online marketing and advertising of certain products and services to children under the age of 18 (“Minors”) as well as using a Minor’s personally identifiable information (“any information about a person that permits the physical or online identifying or contacting of a person,” such as a home or other physical address, e-mail address, telephone number, social security number (or other government issued ID), geolocation data, DNA or other genetic material) to market or advertise certain products or services to the Minor, (2) permit individuals to delete or request the deletion of content they posted online (either via a website or mobile application) as Minors, except in certain prescribed circumstances, and (3) requires online operators to establish an age verification system “that can be reasonably expected to identify the age of the child who is a prospective or registered user.” Continue Reading Online Protection for Children: Delaware following California?
Written by Julia Siripurapu, CIPP/US
Just two months after Apple’s settlement with the FTC over lax parental controls over children’s in-app purchases (see our prior blog post), Google takes the spotlight with claims of unauthorized children’s in-app purchases in the Google Play Store! This time, it’s not an FTC action, but a class action. The suit was filed on March 7 in the U.S. District Court for the Northern District of California. The suit was brought by a New York mother (“Plaintiff”) on behalf of herself and other parents whose minor children downloaded free or relatively inexpensive child-directed games from the Google Play store and then incurred charges for purchasing items that cost money within the app without parental consent or authorization. For example, the Plaintiff’s five year old son spent over $65 dollars on virtual Crystals while playing the game “Marvel Run Jump Smash!” on an Android device.
According to the complaint, the apps directed to children that are offered for sale in the Google Play store are “designed to induce purchases of what Google refers to as ‘In-App Purchases’ or ‘In-App Content,’ i.e. virtual supplies, ammunition, fruits and vegetables, cash, and other fake ‘currency,’ etc. within the game in order to play the game as it was designed to be played (‘Game Currency’)”. As noted in the complaint, while Google required users to enter a password to authenticate their account before purchasing and downloading an app or Game Currency, once the account is authenticated, the user, including children, could purchase “several hundreds of dollars” in Game Currency during a 30 minute window without having to re-enter a password. This billing practice allowed Google to automatically charge the account holder’s credit or debit card or PayPal account, without notifying the account holder or obtaining further consent of the account holder. Continue Reading Unauthorized Children’s In-App Purchases Round Two: Google Faces Class Action
