children’s privacy

Subscribe to children’s privacy

Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will place requirements on “digital service providers.” The law goes into effect September 1, 2024. It does not provide for a private right of action. Instead, enforcement will be by the Texas attorney general.

Continue Reading Texas’ SCOPE Act Puts Focus on Social Media and Minors

Texas has now become the 11th state, following Florida, to have a “comprehensive” privacy law. HB 4 was signed by the governor on June 18, 2023. This caps off a busy spring for state lawmakers not only in Texas, but Florida, Iowa, Indiana, Tennessee, and Montana. The law goes into effect on July 1, 2024 (the ability for agents to submit rights requests is not effective until January 1, 2025 however). For a round-up of state laws’ effective dates, visit here.

Continue Reading The Lone Star State Joins the Privacy Law Deluge: Another Governor Signs

Florida has become the latest state to enact a comprehensive privacy law this year when SB 262 was signed by Governor DeSantis last week. It combines some new, and some familiar, provisions. It has also passed a child privacy law, similar to parts of California’s Age Appropriate Design Act, going into effect July 1, 2024.

Continue Reading Another Governor Signs: Florida Privacy Law Will be Effective July 2024

The Utah legislature recently passed SB 152 and HB 311. While these two bills will primarily impact those who are “social media” entities under the law, they may have broader impact when the majority of their requirements take effect, on March 1, 2024.

Continue Reading The Beehive State Joins the Buzz Around Minors and Social Media

The California governor recently signed into law the California Age-Appropriate Design Code Act, which will go into effect July 1, 2024. The law applies to “businesses” (as defined by CCPA) that provide online services or features “likely to be accessed by children.” To understand if the product or service is likely to be accessed by children, companies should look at factors like audience composition, if there are child-directed ads, or elements known to be of interest to children. Children are those who are under 18 (as opposed to the federal Children’s Online Privacy Protection Act, applicable to collection of personal information of those under 13).

Continue Reading Impact on Companies of California’s Children’s Privacy Law – Effective 2024

The Children’s Advertising Review Unit recently found that Tilting Point Media violated COPPA and CARU’s Self-Regulatory Guidelines for Advertising and for Children’s Online Privacy. Tilting Point is the operator of the SpongeBob: Krusty Cook-Off app. The case arose as part of CARU’s routine monitoring of child directed content.

Continue Reading CARU Strikes Again: Another Mixed-audience App Settles Over COPPA Allegations

Firefly Games agreed to take corrective action in response to the Children’s Advertising Review Unit’s allegations that the company had violated COPPA by inaccurately (and confusingly) explaining its privacy practices. The app in question, LOL Surprise! Room Makeover, featured dolls and characters intended for children and animated characters. It also included content directed to adult users. CARU concluded as part of its routine reviews that, inter alia, the app was “mixed audience.” As such, the app needed to comply with not only CARU’s guidelines, but the Children’s Online Privacy Protection Act as well.

Continue Reading Children’s App Settles with CARU Over COPPA and Guideline Violation Allegations

The Children’s Advertising Review Unit recently settled with TickTalk Tech, LLC over its information collection practices. CARU, a self-regulatory body that reaches voluntary settlements with companies, conducts regular audits of privacy practices by companies in the child space. During one such audit, it identified concerns over TickTalk Tech’s kids smart watch, TickTalk4.

Continue Reading Smart Watch Maker Settles with CARU Over Privacy Policy and Parental Consent

The FTC recently announced the removal of Aristotle International, Inc. from the list of seven approved safe harbor programs under the Children’s Online Privacy Protection Act. Programs that are approved by the FTC must place requirements on participating organizations that are the same -or greater- than the requirements of COPPA. (As we have reported in the past, COPPA requires, inter alia, getting verified parental consent before collecting personal information from children online.) Companies that participate in those approved COPPA safe harbor programs are deemed in compliance with COPPA. Such protection can be valuable with a law, like COPPA, that has been found to be confusing to operationalize.

Continue Reading A COPPA First: Safe Harbor Program Removed From Approved List

The ICO first began its examination of Bounty UK Ltd. (a support club for parents) when the ICO was investigating the data brokerage industry generally, of which it viewed Bounty as taking part (given that it shared member information with third parties like Acxiom and Equifax). Here, in reaching its conclusion that the company had violated UK privacy laws, the ICO found the volume of sharing in which Bounty engaged “unprecedented,” and accused the company of both “careless data-sharing” as well as violations of the UK law that pre-dated GDPR (the violation having occurred prior to the law’s May 2018 implementation date). Interestingly, the violation has been described by commentators as a “data breach,” although it did not involve the typical “hacker” scenario that one thinks of when contemplating a breach. Instead, the company collected information and shared it with third parties without appropriate notice and consent.
Continue Reading UK ICO Fines Parenting Club £400,000 Over Breach Involving PII of Mothers and Babies