Tag Archives: COPPA

FTC Seeks to Send a Message about COPPA and Schools

In late May, the Federal Trade Commission sought an injunction in the Northern District of California against Edmodo, which has historically offered school districts a virtual classroom platform with tools for assignments, quizzes, and similar items.  The FTC argues that Edmodo violated the Children’s Online Privacy Protection Act by failing to obtain parental consent to certain disclosures of children’s personal information.

As the FTC has long expressed in guidance,… More

Chinese Regulation of Children’s Personal Data Goes into Effect

On October 1, 2019, China’s new regulation to protect personal data related to children – called the “Measures on Online Protection of Children’s Personal Data” – went into effect.

As we wrote in June, when a draft of the regulation was released by the Cyberspace Administration of China, the regulation contains elements similar to those found in both the United States’ Children’s Online Privacy Protection Act (“COPPA”) and the European Union’s General Data Protection Regulation (“GDPR”).… More

China’s Internet Regulator Drafts COPPA-Like Rules for Children’s Data Privacy

In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers.

The draft regulations share many of the same structures as those utilized by the Children’s Online Privacy Protection Act (“COPPA”) in the United States:

  • online service operators will have to obtain parental consent based on a comprehensive disclosure about the collection,…
  • More

Consumers and Senators Urge FTC to Investigate New Child-Focused, Voice-Activated Device

On May 9, 2019, a coalition of consumer groups submitted a complaint to the Federal Trade Commission (“FTC”) regarding Amazon’s Echo Dot Kids Edition, arguing that the device runs afoul of the Children’s Online Privacy Protection Act (“COPPA”).  The Echo Dot Kids Edition is a child-focused version of Amazon’s popular voice-activated smart speaker device that utilizes Amazon’s Alexa digital assistant.… More

Settlement Offers Guidance on What “Reasonable” Security Means Under COPPA

The FTC’s COPPA Guidance does an admirable job explaining the basics of what a business needs to do to comply with COPPA, but is vague as to how a business must protect personal information collected from children. The COPPA Guidance requires that a company use “reasonable procedures” to protect such information from unauthorized access or use, but does not explain what “reasonable procedures” means. This is,… More

FTC Updates COPPA Guidance for Businesses

On June 21, 2017, the FTC updated its COPPA Compliance Guidance for businesses. The new guidance includes new descriptions of services and products covered by COPPA, and new methods for obtaining parental consent.

Though the guidance is new, the subjects of the guidance generally are not; for example, “internet-enabled location-based services” have long been within the ambit of COPPA because geolocation information has long been part of the definition of “personal information” of children that COPPA regulates.… More

Cybersecurity News and Notes: June 27, 2016

In Case You Missed It

The FTC settled with mobile advertising company InMobi for $950,000 in civil penalties, along with the implementation of a privacy program, based on the FTC’s charges that InMobi impermissibly tracked the locations of both adult and child consumers for the purpose of geo-targeted advertising.  The latter, of course, also implicated allegations of violations of the Children’s Online Privacy Protection Act (COPPA) rule. … More

FTC Announces COPPA Settlements Based on Persistent Identifiers

The COPPA Rule requires website and online service operators to give notice to parents and obtain verifiable parental consent before collecting children’s “personal information” online.  16 CFR §§ 312.4, 312.5.  The definition of “personal information” encompasses some obvious pieces of data – name and address, for example – and some less-obvious ones, such as screen names, geolocation data, and “persistent identifiers.”  A “persistent identifier” is a piece of information “that can be used to recognize a user over time and across different web sites or online services,” such as “a cookie,… More

COPPA, Meet DOPPA – Delaware AG Action Leads to New Child-Protection Data Privacy Laws

Delaware Attorney General Matt Denn is serious about online privacy, and aims to make Delaware “the safest state in America for kids to use the internet.” This August, Delaware Governor Jack Markell signed into law four online privacy bills drafted by the Attorney General, the most substantial of which is the Delaware Online Privacy and Protection Act.

DOPPA goes further than its federal cousin,… More

The FTC, COPPA, and Riyo’s “Face Match to Verified Photo Identification”

Webcamera on laptop staring at you(clipping path)The FTC’s COPPA (the Children’s Online Privacy Protection Act) Rule requires website operators to obtain “verifiable parental consent” prior to collecting, using, or disclosing personal information from children. Though the COPPA Rule enumerates several methods for obtaining consent, the FTC, sensitive to how fluid technological developments in this space can be, also allows pre-approval of new methods not listed in the Rule. 16 CFR 312.12(a).… More