In this remote era, companies are increasingly being approached by their business teams with ideas about products and services that involve video or audio recordings of their consumers. It may also involve letting people manipulate photos of themselves. Sometimes, those recordings and pictures are of children. Content that contain images or audio of individuals are considered personal information under many laws, including the Children’s Online Privacy Protection Act (COPPA). What does this mean for companies? As we discussed in our previous blog post, COPPA requires obtaining parental consent if the personal information collected is being collected by the company online, and being collected from the child. The FTC’s recently streamlined FAQs help companies find and understand obligations if collecting photos or recordings from children. Namely, a reminder that this content is personal, and does require verifiable parental consent before being collected.
Continue Reading Back to School Special: Recordings, Photos, Kids, and Parental Consent

HyperBeard, the makers of several children’s mobile apps (including KleptoCats), recently settled with the FTC over failure to obtain verifiable parental consent before collecting children’s personal information online, in violation of COPPA. In its complaint, the FTC argued that the HyperBeard apps were clearly directed to children. The apps contained brightly-colored animated characters, kid-friendly language, games that were easy to play, and were promoted on kids’ websites and publications.
Continue Reading KleptoCats Maker Settles with FTC Over Failure to Get Parental Consent

The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a year where we saw several record-setting fines. The report also discusses privacy/security workshops, consumer education, and international engagement. Some of the highlights from 2019 discussed in the report include:
Continue Reading FTC Releases 2019 Privacy and Security Year in Review

The Federal Trade Commission is requesting comments and input on the effectiveness of the 2013 amendments it made to the Children’s Online Privacy Protection Rule. Although the FTC typically reviews its rules every ten years, it is doing so early because of rapid changes in and children’s expanded use of technology. Part of the input it is seeking is whether the COPPA Rule should be updated again. Among the specific input the FTC has requested, it wants to know if companies and other interested parties believe that the Rule should be amended to include websites and online services that are not directed at children but have large numbers of child users.
Continue Reading FTC Seeks Comments on COPPA Rule

The NJ attorney general recently announced that it settled with a Chinese entity over violations of COPPA. The company promotes itself as a “virtual beauty counter,” and makes a variety of apps that let consumers virtually try on makeup. These apps include facial recognition technology, as well as photo-editing tools that allow users to customize and touch up their photos (the apps include Beauty Plus, AirBrush, and Meitu). The apps, according to the AG, allowed children under 13 to submit personal information without first getting parental consent, in violation of the Children’s Online Privacy Protection Act.
Continue Reading NJ AG Settles with Chinese Firm Over COPPA Violations, FTC Sends Warning Letters

The settlement between VTech Electronics Ltd. and the FTC in the first Internet-connected toys COPPA case is a reminder for companies looking to enter the connected toys space not to forget this child-focused law.

The FTC complaint alleged that VTech violated the Children’s Online Privacy Protection Act and the FTC’s COPPA Rule because it collected personal information from children without parental consent. According to the FTC, VTech markets and sells various “electronic learning products,” which it targets to 3- to 9-year-olds. Those products have an area similar to an app store, and one of the apps available is called Kid Connect. Kid Connect, the FTC explained, lets children communicate with other users. Although parents did have to sign children up for the interactive features of the VTech products, the FTC had concerns about the compliance of the consent process. Namely, that VTech did not have a way to verify that the person submitting consent was the parent, not the child him or herself. Also of concern for the FTC, and in violation it alleged of COPPA, was not having a link to the privacy policy in all areas of Kid Connect where personal information was collected. And in some instances, like the Kid Connect registration page, the privacy policy link was not sufficiently prominent. Additionally, some of the information required by COPPA to be included in a privacy policy was missing. This included VTech’s address and email address, a full description of what information was being collected from children, and the parent’s right to review/delete children’s personal information.
Continue Reading Connected Toys, COPPA, and What’s Next