coppa news

  
By Lesley Fair

We can’t guarantee its effectiveness in getting kids to eat their vegetables or finish their homework. But there’s one circumstance in which a Mom or Dad’s “Because I said so . . . .” is the law of the land. When it comes to the online collection of personal information from kids under 13, the Children’s Online Privacy Protection Rule (COPPA) puts parents in charge.


Settlement marks the agency’s first children’s privacy and security case involving connected toys

Note: A conference call for media with Tom Pahl, Acting Director of the FTC’s Bureau of Consumer Protection, will occur as follows:
Date: January 8, 2018
Time: 1 p.m. ET
Call-in info: (800) 230-1093; Confirmation Number: 442576
Call-in lines, which are for media only, will open 15 minutes prior to the start of the call. FTC staff will be available to take questions from the media.

Electronic toy manufacturer VTech Electronics Limited and its U.S. subsidiary have agreed to settle charges by the Federal Trade Commission that the company violated a U.S. children’s privacy law by collecting personal information from children without providing direct notice and obtaining their parent’s consent, and failing to take reasonable steps to secure the data it collected. VTech will pay $650,000 as part of the settlement with the FTC.

In a complaint filed by the Department of Justice on behalf of the FTC, the Commission alleges that the Kid Connect app used with some of VTech’s electronic toys collected the personal information of hundreds of thousands of children, and that the company failed to provide direct notice to parents or obtain verifiable consent from parents concerning its information collection practices, as required under the Children’s Online Privacy Protection Act (COPPA). In its first children’s privacy case involving Internet-connected toys, the FTC also alleges that VTech failed to use reasonable and appropriate data security measures to protect personal information it collected.

“As connected toys become increasingly popular, it’s more important than ever that companies let parents know how their kids’ data is collected and used and that they take reasonable steps to secure that data,” said Acting FTC Chairman Maureen K. Ohlhausen. “Unfortunately, VTech fell short in both of these areas.”

COPPA requires that companies collecting personal information from children under 13 online follow steps to ensure that children’s information is protected, including clearly disclosing to parents the information it collects, how the information will be used, and seeking verifiable parental consent. Companies also must take reasonable measures to protect the confidentiality, security and integrity of the personal information they collect about children.

According to the complaint against VTech, the company collected personal information from parents on its Learning Lodge Navigator online platform, where the Kid Connect app was available for download, and also through a now-defunct web-based gaming and chat platform called Planet VTech. Before using Kid Connect or Planet VTech, parents were required to register and provide personal information including their name, email address as well as their children’s name, date of birth and gender. VTech also collected personal information from children when they used the Kid Connect app.

As of November 2015, about 2.25 million parents had registered and created accounts with Learning Lodge for nearly 3 million children. This included about 638,000 Kid Connect accounts for children. In addition, about 134,000 parents in the United States created Planet VTech accounts for 130,000 children by November 2015.

With respect to Kid Connect, VTech failed to provide direct notice of its information collection and use practices to parents and did not link to its privacy policy in each area where personal information was collected from children.

At the same time, the complaint alleges that the company did not take reasonable steps to protect the information it collected through Kid Connect, such as implementing adequate safeguards and security measures to protect transmitted and stored information and implementing an intrusion prevention or detection system to alert the company of an unauthorized intrusion of its network. In November 2015, VTech was informed by a journalist that a hacker accessed its computer network and personal information about consumers including children who used its Kid Connect app.

The FTC also alleges that VTech violated the FTC Act by falsely stating in its privacy policy that most personal information submitted by users through the Learning Lodge and Planet VTech would be encrypted. The company, however, did not encrypt any of this information.

In addition to the monetary settlement, VTech is permanently prohibited from violating COPPA in the future and from misrepresenting its security and privacy practices as part of the proposed settlement. It also is required to implement a comprehensive data security program, which will be subject to independent audits for 20 years.

The FTC collaborated with the Office of the Privacy Commissioner of Canada, which is releasing its own Report of Findings. To facilitate cooperation with its Canadian partner, the FTC relied on key provisions of the U.S. SAFE WEB Act, which allows the FTC to share information with foreign counterparts to combat deceptive and unfair practices that cross national borders.

The Commission vote authorizing the staff to file the complaint and stipulated final order was 2-0. The complaint and stipulated final order were filed in the U.S. District Court for the Northern District of Illinois.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. Stipulated final orders have the force of law when approved and signed by the District Court judge.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Earlier this week, the Federal Trade Commission and Department of Education announced plans to hold a joint workshop on the application of the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act (“FERPA”) to educational technology products and services in the K-12 school environment. In advance of the workshop, the FTC and Department of Education are soliciting comments on several key questions regarding COPPA and FERPA compliance for educational technology p

Source: FTC and Department of Education Announce Joint Workshop on FERPA and COPPA Compliance for Ed Tech – Lexology


The Federal Trade Commission has published a new guide that seeks to make compliance with the Children’s Online Privacy Protection Act (COPPA) as easy as 1, 2, 3, 4, 5, 6. Drawing from its detailed FAQs, the FTC has developed an even more streamlined, six-step DIY instruction manual designed for busy businesses that want a basic compliance document that can help them pinpoint areas in their data management flow that might require additional attention.

Source: Compliance with COPPA: So easy, even a kid can do it – Lexology


The Federal Trade Commission (FTC) updated its guidance on the Children’s Online Privacy Protection Act (COPPA). COPPA and the FTC’s related COPPA Rules establish guidelines to protect children under the age of 13 as they access the internet. The recent updates issued by the FTC make it apparent that companies, when expanding their business offerings and product portfolios, must also ensure they are adequately protecting children in their potential use of these products and offerings. Specifically, [click for more]

Source: IoT Device Companies: Add COPPA to Your “To Do” Lists | Patrick Law Group, LLC – JDSupra


Trying to keep pace with developments in internet-connected toys and other devices for children, the Federal Trade Commission (“FTC”) announced June 21, 2017 that it has updated its guidance, a “Six-Step Compliance Plan for Your Business,” for complying with the Children’s Online Privacy Protection Act (“COPPA”). COPPA is intended to help parents control what information is collected from young children. The FTC’s updated guidance, which is intended to help businesses understand when COPPA applies and how [click for more]

Source: Hey, Alexa: What’s New in Children’s Privacy?… FTC Updates COPPA Guidance | The National Law Review


The FTC staff published today a “Six-Step Compliance Plan” for businesses to comply with the Children’s Online Privacy Protection Act (COPPA). The guidance, which provides a useful framework for businesses, states explicitly that COPPA applies to connected toys and other devices that collect personal information from children over the Internet.

Source: FTC Staff Publish COPPA Guidance for Businesses | The National Law Review


All these years watching COPPA languish over the large-enough-to-drive-a-truck-through “Actual Knowledge” loophole, I find out that I missed something big time. Go for the money, not for the lawmakers.

 

Several advertisers have left YouTube after their ads were shown before clips of scantily clad children, a finding first reported by U.K.’s The Times.

Source: YouTube hit with ad defection over predatory child videos


The Federal Trade Commission is providing additional guidance on how the Children’s Online Privacy Protection Rule applies to the collection of audio voice recordings by organizations covered by the law, which requires certain operators of commercial websites or online services to obtain parental consent before collecting personal information from children under 13.

The FTC updated the COPPA Rule in 2013, adding several new types of data to the definition of personal information, including a photograph, video or audio file that contains a child’s image or voice, to data already covered, such as a name, address or Social Security number. This update has prompted some questions about the application of this requirement when a child’s voice is collected for the sole purpose of instructing a command or request.

In a new policy enforcement statement, the FTC noted that the COPPA rule requires websites and online services directed at children to obtain verifiable parental consent before collecting an audio recording. The Commission, however, recognizes the value of using voice as a replacement for written words in performing search and other functions on Internet-connected devices.

The FTC will not take an enforcement action against an operator for not obtaining parental consent before collecting the audio file with a child’s voice when it is collected solely as a replacement of written words, such as to perform a search or to fulfill a verbal instruction or request – as long as it is held for a brief time and only for that purpose.

The Commission noted that there are important limitations to this policy. The policy does not apply when the operator requests information via voice that would otherwise be considered personal information, such as a name. In addition, an operator must still provide clear notice of its collection and use of audio files and its deletion policy in its privacy policy. Also, the operator may not make any other use of the audio file before it is destroyed and the policy does not affect the operator’s COPPA compliance requirements in any other respect.

The Commission voted 2-0 to approve the new policy statement.

The FTC has actively enforced the COPPA Rule, bringing more than two dozen cases since it was first issued in 2000. Most recently, the FTC reached settlements with a mobile advertiser that deceptively tracked the locations of children without parental consent and against two app developers that allowed third-party advertisers to collect information about children without parental consent.

