COPPA

Subscribe to COPPA via RSS

The Children’s Advertising Review Unit recently settled with KidGeni – a generative art platform intended for children- for allegedly violating both CARU’s guidelines and COPPA. According to CARU, which is a self-regulatory organization that audits the privacy practices of companies in the child space, KidGeni collected personal information without first getting parental consent. CARU began its investigation in the company’s functionality in August 2023. As part of its investigation, it reached out to the company to clarify how the site obtained prior parental consent for its children’s platform as required under both COPPA and CARU’s guidelines.Continue Reading CARU Settles With KidGeni AI Platform Over Alleged Privacy Violations 

The Children’s Advertising Review Unit recently found that Tilting Point Media violated COPPA and CARU’s Self-Regulatory Guidelines for Advertising and for Children’s Online Privacy. Tilting Point is the operator of the SpongeBob: Krusty Cook-Off app. The case arose as part of CARU’s routine monitoring of child directed content.Continue Reading CARU Strikes Again: Another Mixed-audience App Settles Over COPPA Allegations

Firefly Games agreed to take corrective action in response to the Children’s Advertising Review Unit’s allegations that the company had violated COPPA by inaccurately (and confusingly) explaining its privacy practices. The app in question, LOL Surprise! Room Makeover, featured dolls and characters intended for children and animated characters. It also included content directed to adult users. CARU concluded as part of its routine reviews that, inter alia, the app was “mixed audience.” As such, the app needed to comply with not only CARU’s guidelines, but the Children’s Online Privacy Protection Act as well.Continue Reading Children’s App Settles with CARU Over COPPA and Guideline Violation Allegations

The FTC recently took two well-publicized steps in the children’s privacy space. First, it penalized WW International (formerly, Weight Watchers) and its subsidiary, Kurbo, for alleged COPPA violations. Second, it unanimously voted to adopt a new policy statement on education technology and COPPA. These actions follow its March COPPA settlement with TickTalk Tech.Continue Reading FTC Continues Focus on Children’s Privacy

The Children’s Advertising Review Unit recently settled with TickTalk Tech, LLC over its information collection practices. CARU, a self-regulatory body that reaches voluntary settlements with companies, conducts regular audits of privacy practices by companies in the child space. During one such audit, it identified concerns over TickTalk Tech’s kids smart watch, TickTalk4.
Continue Reading Smart Watch Maker Settles with CARU Over Privacy Policy and Parental Consent

The FTC recently announced the removal of Aristotle International, Inc. from the list of seven approved safe harbor programs under the Children’s Online Privacy Protection Act. Programs that are approved by the FTC must place requirements on participating organizations that are the same -or greater- than the requirements of COPPA. (As we have reported in the past, COPPA requires, inter alia, getting verified parental consent before collecting personal information from children online.) Companies that participate in those approved COPPA safe harbor programs are deemed in compliance with COPPA. Such protection can be valuable with a law, like COPPA, that has been found to be confusing to operationalize.
Continue Reading A COPPA First: Safe Harbor Program Removed From Approved List

HyperBeard, the makers of several children’s mobile apps (including KleptoCats), recently settled with the FTC over failure to obtain verifiable parental consent before collecting children’s personal information online, in violation of COPPA. In its complaint, the FTC argued that the HyperBeard apps were clearly directed to children. The apps contained brightly-colored animated characters, kid-friendly language, games that were easy to play, and were promoted on kids’ websites and publications.
Continue Reading KleptoCats Maker Settles with FTC Over Failure to Get Parental Consent

The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a year where we saw several record-setting fines. The report also discusses privacy/security workshops, consumer education, and international engagement. Some of the highlights from 2019 discussed in the report include:
Continue Reading FTC Releases 2019 Privacy and Security Year in Review

Two mobile apps directed at children were recently subject to action by the Children’s Advertising Review Unit. The first, “My Talking Tom,” is a virtual pet game for children operated by Outfit7 Limited. One issue was the display of Outfit7’s privacy policy. Under the Children’s Online Privacy Protection Act, privacy policies must be understandable, and contain no unrelated material. The app’s policy, however, contained advertisements for other games, and animated balloons that obstructed the user’s view. Accordingly, CARU found that the distracting content violated COPPA. Outfit7 prudently removed the content, and CARU took no further action on the issue.
Continue Reading CARU Takes Action Against Two Mobile Apps

Unixiz, operator of the i-Dressup site, reached an agreement with the New Jersey Attorney General to settle charges that the company had violated the Children’s Online Privacy Protection Act and the New Jersey’s Consumer Fraud Act. The New Jersey AG claimed that Unixiz violated these statutes by collecting information about children without first getting parental consent. The AG’s investigation into Unixiz’s privacy practices began after Unixiz disclosed a data breach in 2016. Users of the i-Dressup site created accounts with the site (and thus established usernames and passwords). In 2016 hackers accessed approximately 2.2 million users’ names and passwords.  In response to the breach, the New Jersey AG launched an investigation into the company. The investigation revealed that in addition to failing to safeguard its users’ information, Unixiz did not get parental consent before collecting children’s personal information, as required under COPPA. Included among its users were 2,519 New Jersey children. 
Continue Reading Unixiz Settles COPPA Allegations with NJ AG

The NJ attorney general recently announced that it settled with a Chinese entity over violations of COPPA. The company promotes itself as a “virtual beauty counter,” and makes a variety of apps that let consumers virtually try on makeup. These apps include facial recognition technology, as well as photo-editing tools that allow users to customize and touch up their photos (the apps include Beauty Plus, AirBrush, and Meitu). The apps, according to the AG, allowed children under 13 to submit personal information without first getting parental consent, in violation of the Children’s Online Privacy Protection Act.
Continue Reading NJ AG Settles with Chinese Firm Over COPPA Violations, FTC Sends Warning Letters