coppa news
  

FTC Bot

RSS feed from the Federal Trade Commission filtered for COPPA only. For full feed see: http://www.ftc.gov/rss/

Company Will Pay $950,000 For Tracking Children Without Parental Consent

Singapore-based mobile advertising company InMobi will pay $950,000 in civil penalties and implement a comprehensive privacy program to settle Federal Trade Commission charges it deceptively tracked the locations of hundreds of millions of consumers – including children – without their knowledge or consent to serve them geo-targeted advertising.

The FTC alleges that InMobi mispresented that its advertising software would only track consumers’ locations when they opted in and in a manner consistent with their device’s privacy settings. According to the complaint, InMobi was actually tracking consumers’ locations whether or not the apps using InMobi’s software asked for consumers’ permission to do so, and even when consumers had denied permission to access their location information.

The FTC alleges that InMobi, whose advertising network has reached more than one billion devices worldwide through thousands of popular apps, offers multiple forms of location-based advertising to its customers, including the ability to serve ads to consumers based on their current locations, locations they visit at certain times, and on their location over time.

“InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “This settlement ensures that InMobi will honor consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises.”

The complaint alleges that inMobi created a database built on information collected from consumers who allowed the company access to their geolocation information, combining that data with the wireless networks they were near to document the physical location of wireless networks themselves. InMobi then would use that database to infer the physical location of consumers based on the networks they were near, even when consumers had turned off location collection on their device.

The FTC alleges that InMobi also violated the Children’s Online Privacy Protection Act (COPPA) by collecting this information from apps that were clearly directed at children, in spite of promising that it did not do so. The complaint noted that InMobi’s software tracked location in thousands of child-directed apps with hundreds of millions of users without following the steps required by COPPA to get a parent or guardian’s consent to collect and use a child’s personal information.

Under the terms of its settlement with the FTC, InMobi is subject to a $4 million civil penalty, which is suspended to $950,000 based on the company’s financial condition. In addition, the company will be required to delete all information it collected from children, and will be prohibited from further violations of COPPA.

In addition, InMobi will be prohibited from collecting consumers’ location information without their affirmative express consent for it to be collected, and will be required to honor consumers’ location privacy settings. The company will also be required to delete the location information of consumers it collected without their consent and will be prohibited from further misrepresenting its privacy practices. The settlement also will require InMobi to institute a comprehensive privacy program that will be independently audited every two years for the next 20 years.

The Commission vote to authorize the staff to refer the complaint to the U.S. Department of Justice and to approve the proposed stipulated order was 3-0. The DOJ filed the complaint and proposed stipulated order on behalf of the Commission in U.S. District Court for the Northern District of California.

NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. Stipulated orders have the force of law when approved and signed by the District Court judge.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357).  Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Companies’ Apps Shared Kids’ Information with Ad Networks; Will Pay $360K In Civil Penalties

Two app developers will pay a combined $360,000 in civil penalties as part of settlements with the Federal Trade Commission over charges they violated the Children’s Online Privacy Protection Act, or COPPA, Rule.

The terms of the settlements with LAI Systems, LLC, and Retro Dreamer, require the defendants to pay civil penalties and  comply with the requirements of COPPA in the future.

“It’s vital that companies understand the rules of the road when it comes to handling children’s personal information online,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “These cases make it clear that we’re closely watching this space to ensure children’s privacy online is being protected.”

These cases are the first in which the FTC alleged that companies allowed advertisers to use persistent identifiers to serve advertising to children. Persistent identifiers – pieces of data that are tied to a particular user or device – were among the categories added to the COPPA Rule’s definition of personal information when it was updated in 2013.

LAI Systems

In its complaint against LAI Systems, LLC, the FTC alleged that the company created a number of apps directed to children, including My Cake Shop, My Pizza Shop, Hair Salon Makeover, Friday Night Makeover, Marley the Talking Dog and Animal Sounds. According to the FTC’s complaint, the defendant allowed third-party advertisers to collect personal information from children in the form of persistent identifiers. Defendant failed to inform the ad networks that the apps were directed to children and did not provide notice or get consent from children’s parents for collecting and using the information.

The settlement with LAI Systems prohibits the company from further violations of the COPPA Rule, and requires the company to pay a $60,000 civil penalty.

Retro Dreamer

In its complaint against Retro Dreamer, and its principals, Craig E. Sharpe and Gavin S. Bowman, the FTC alleged that the company created a number of apps targeted to children, including Ice Cream Jump, Happy Pudding Jump, Ice Cream Drop, Sneezies, Wash the Dishes, Cat Basket and Tappy Pop.

The defendants in this case, according to the complaint, allowed third-party advertisers to collect children’s personal information through the apps. One advertising network over the course of 2013 and 2014 specifically warned the defendants about the obligations of the revised COPPA Rule, and also told the defendants that certain of their apps appeared to be targeted to children under the age of 13.

The settlement with Retro  Dreamer, Sharpe and Bowman prohibits the defendants from further violations of the COPPA Rule, and requires the defendants to pay a $300,000 civil penalty.

The Commission votes to authorize the staff to refer the complaints to the Department of Justice, and to approve the proposed stipulated civil penalty orders, were 4-0. The DOJ filed the complaints and proposed stipulated orders on behalf of the Commission in U.S. District Court for the Central District of California on Dec. 17, 2015.

NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. Stipulated orders have the force of law when signed by the District Court judge.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

The Federal Trade Commission has approved a new method for companies to get parents’ consent for their children to access online services covered by the Children’s Online Privacy Protection Act (COPPA) Rule. Based on an application submitted by Riyo, Inc., the Commission has approved the use of “face match to verified photo identification” (FMVPI) as a method to verify that the person providing consent for a child to use an online service is in fact the child’s parent. Under the COPPA Rule, online sites and services directed at children must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the Commission for approval. FMVPI is a two-step process. In the first step, a parent provides an image of their photo identification, such as a passport or driver’s license. The authenticity and legitimacy of the document is then verified using various technologies that analyze the image to ensure that it is an authentic government-issued identification. In a second step, the parent is then prompted to provide a picture of themselves taken with a phone or web camera, which is analyzed to confirm that the photo is of a live person and not a photo of a still photo. The image is then compared to the identification photo using facial recognition technology to confirm whether the person submitting the photo is the one in the identification.  The process includes certain privacy safeguards such as requiring encryption and prompt deletion of any personal information that is collected. The Commission vote to issue the letter and accept FMVPI as an acceptable verifiable parental consent method was 4-0. The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

The Federal Trade Commission is seeking public comment on a proposed verifiable parental consent method that Riyo has submitted for Commission approval under the agency’s Children’s Online Privacy Protection Rule.

Under the rule, online sites and services directed at children must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the Commission for approval.

In a Federal Register notice to be published shortly, the FTC is seeking public comment about the proposed Riyo verifiable parental consent method including whether the proposed method is already covered by existing methods under the rule and whether it meets the rule’s requirement that it be reasonably calculated to ensure that the person providing the consent is actually the child’s parent. The Commission also seeks comment on whether the program poses a risk to consumers’ information and whether that risk is outweighed by the benefits of the program. The comment period will last until Sept. 3, 2015.

NOTE: Publication of this Federal Register notice does not indicate Commission approval of the program. The Commission has 120 days to review proposed verifiable parental consent methods and must set forth its conclusions in writing.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.  To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357).  The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad.  The FTC’s website provides free information on a variety of consumer topics.  Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

After a public comment period, the Federal Trade Commission has approved a final order resolving the Commission’s complaint against TRUSTe, Inc. for deceiving consumers about its privacy seal program.

The settlement was first announced in November 2014. In its complaint, the FTC alleged that TRUSTe failed to conduct promised annual recertifications of companies participating in its privacy seal program more than 1,000 times between 2006 and 2013. The complaint also alleged that TRUSTe misrepresented its status as a non-profit entity.

Under the terms of the order, TRUSTe is prohibited from making misrepresentations about its certification process, its corporate status, or whether an entity participates in its programs. In addition, TRUSTe must not provide other companies or entities with the means to make misrepresentations about these facts, such as through incorrect or inaccurate model language.

The order also requires the company in its role as a COPPA safe harbor to provide detailed information about its COPPA-related activities in its annual filing to the FTC, as well as maintaining comprehensive records about its COPPA safe harbor activities for ten years. Each of these provisions represents an increase in the reporting requirements laid out under the COPPA Rule for safe harbor programs. The company must also pay $200,000 as part of the settlement.

The Commission vote to approve the final order and letters to commenters was 5-0.  

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

Following a public comment period and review of AgeCheq, Inc.’s initial proposed Children’s Online Privacy Protection (COPPA) Rule verifiable parental consent method, the Federal Trade Commission has denied the company’s application. 

In its application, AgeCheq proposed a real-time common consent mechanism, which conducts identity verification in two ways. The first method of verifying parental identity involves a financial transaction. The second method involves the parent printing, signing, and returning a declaration form to AgeCheq. In a letter to AgeCheq, the FTC stated that the company’s proposed mechanism  uses methods that  have already been recognized as a valid means of obtaining verifiable parental consent in the Rule. The FTC’s letter also states that companies are free to develop common consent mechanisms without Commission approval.

AgeCheq recently proposed a different verifiable parental consent method, which is currently open for public comment.

Under the COPPA Rule, online sites and services directed at children under 13, and general audience sites or services that knowingly collect, use, or disclose personal information from children under 13, must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the Commission for approval. Approved methods may be used by any company, not just the particular applicant requesting approval of the method.

The Commission vote to deny AgeCheq’s application and issue the letter was 5-0.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

CORRECTED: The deadline for comment related to this matter is Dec. 29, 2014. The release previously listed an earlier date.

The Federal Trade Commission is seeking public comment on a proposed verifiable parental consent method that AgeCheq, Inc., has submitted for Commission approval under the agency’s Children’s Online Privacy Protection Rule.

Under the rule, online sites and services directed at children under 13, and general audience sites or services that knowingly collect, use, or disclose personal information from children under 13, must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the FTC for approval.

In a Federal Register notice to be published shortly, the FTC is seeking public comment about the proposed AgeCheq verifiable parental consent method.  Specifically, the Commission seeks comments on: whether the proposed method is already covered by the existing methods included in the rule; whether it meets the rule’s requirement that it be reasonably calculated to ensure that the person providing the consent is actually the child’s parent; and whether the program poses a risk to consumers’ information and, if so, whether that risk is outweighed by the benefits of the program. The comment period will last until Dec. 29, 2014.

This is AgeCheq’s second proposed verifiable parental consent method submitted to the Commission. The first is currently under review by the Commission.

NOTE: Publication of this Federal Register notice does not indicate Commission approval of the program. The Commission has 120 days to review proposed verifiable parental consent methods and must set forth its conclusions in writing.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.  To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357).  The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad.  The FTC’s website provides free information on a variety of consumer topics.  Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

Online review site Yelp, Inc., and mobile app developer TinyCo, Inc., agreed to settle separate Federal Trade Commission charges that they improperly collected children’s information in violation of the Children’s Online Privacy Protection Act, or COPPA, Rule. Under the terms of the settlements, Yelp will pay a $450,000 civil penalty, while TinyCo will pay a $300,000 civil penalty.

“As people – especially children – move more of their lives onto mobile devices, it’s important that they have the same consumer protections when they’re using an app that they have when they’re on a website,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Companies should take steps as they build and test their apps to make sure that children’s information won’t be collected without a parent’s consent.”

COPPA requires that companies collecting information about children under 13 online follow a number of steps to ensure that children’s information is protected, including clearly disclosing how the information is used directly to parents and seeking verifiable parental consent before collecting any information from a child.

Yelp, Inc.

The FTC’s complaint against Yelp alleges that, from 2009 to 2013, the company collected personal information from children through the Yelp app without first notifying parents and obtaining their consent. When consumers registered for Yelp through the app on their mobile device, according to the complaint, they were asked to provide their date of birth during the registration process.

According to the complaint, several thousand registrants provided a date of birth showing they were under 13 years old, and Yelp collected information from them including, for example, their name, e-mail address, and location, as well as any information that they posted on Yelp.

The FTC’s complaint alleges that Yelp failed to follow the COPPA Rule’s requirements, even though it knew – based on registrants’ birth dates – that children were registering for Yelp through the mobile app. According to the complaint, Yelp failed to implement a functional age-screen in its apps, thereby allowing children under 13 to register for the service, despite having an age-screen mechanism on its website. In addition, the complaint alleges that Yelp did not adequately test its apps to ensure that users under the age of 13 were prohibited from registering.

In addition to the $450,000 civil penalty, under the terms of its settlement with the FTC, Yelp must delete information it collected from consumers who stated they were 13 years of age or younger at the time they registered for the service, except in cases where the company can prove to the FTC that the consumers were actually older than 13.

The settlement will also require the company to comply with COPPA requirements in the future and submit a compliance report to the FTC in one year outlining its COPPA compliance program.

TinyCo, Inc.

The FTC’s complaint against TinyCo alleges that many of the company’s popular apps, which were downloaded more than 34 million times across the major mobile app stores, targeted children. Among the apps named in the complaint are Tiny Pets, Tiny Zoo, Tiny Monsters, Tiny Village and Mermaid Resort. The complaint alleges that the apps, through their use of themes appealing to children, brightly colored animated characters and simple language, were directed at children under 13 and thus, TinyCo was subject to the COPPA Rule.

Many of TinyCo’s apps included an optional feature that collected e-mail addresses from users, including children younger than age 13. In some of the company’s apps, by providing an e-mail address, users obtained extra in-game currency that could be used to buy items within the game or speed up gameplay. The FTC’s complaint alleges that the company failed to follow the steps required under the Rule related to the collection of children’s personal information.

In addition to the $300,000 civil penalty, under the terms of its settlement with the FTC, TinyCo is required to delete the information it collected from children under 13. The settlement will also require the company to comply with COPPA requirements in the future and submit a compliance report to the FTC in one year outlining its compliance with the order.

The Commission vote to authorize the staff to refer the complaints to the Department of Justice, and to approve the proposed stipulated orders, was 5-0. The DOJ filed the complaints and proposed stipulated orders on behalf of the Commission in U.S. District Court for the Northern District of California on Sept. 16, 2014. The proposed stipulated orders are subject to court approval.

NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. Stipulated orders have the force of law when signed by the District Court judge.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

The Federal Trade Commission is seeking public comment on a proposed verifiable parental consent method that AgeCheq, Inc., has submitted for Commission approval under the agency’s Children’s Online Privacy Protection Rule.

Under the rule, online sites and services directed at children must obtain permission from a child’s parents before collecting personal information from that child. The rule lays out a number of acceptable methods for gaining parental consent, but also includes a provision allowing interested parties to submit new verifiable parental consent methods to the Commission for approval.

In a Federal Register notice to be published shortly, the FTC is seeking public comment about the proposed AgeCheq verifiable parental consent method; whether the proposed method is already covered by the existing methods included in the rule and whether it meets the rule’s requirement that it be reasonably calculated to ensure that the person providing the consent is actually the child’s parent. The Commission also seeks comment on whether the program poses a risk to consumers’ information and whether that risk is outweighed by the benefits of the program. The comment period will last until Sept. 30, 2014.

NOTE: Publication of this Federal Register notice does not indicate Commission approval of the program. The Commission has 120 days to review proposed verifiable parental consent methods and must set forth its conclusions in writing.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.  To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357).  The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad.  The FTC’s website provides free information on a variety of consumer topics.  Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.

Following a public comment period, the Federal Trade Commission has approved the Safe Harbor Program of iKeepSafe, also known as the Internet Keep Safe Coalition, as a safe harbor oversight program under the Children’s Online Privacy Protection Act (COPPA) and the agency’s COPPA Rule.

The Commission’s COPPA Rule requires operators of online sites and services directed at children under the age of 13 to provide notice and obtain permission from a child’s parents before collecting personal information from that child. The COPPA safe harbor provision promotes flexibility and efficiency by encouraging industry members and others to develop their own COPPA oversight programs, known as “safe harbor” programs.

Website operators that participate in an approved COPPA safe harbor program will, in most circumstances, be subject to the review and disciplinary procedures provided in the safe harbor’s guidelines in lieu of formal FTC investigation and law enforcement.

The COPPA law directs the Commission to review proposals to create new oversight programs.  The Commission determined that the iKeepSafe safe harbor program provides “the same or greater protections for children” as those contained in the COPPA Rule; effective mechanisms to assess operators’ compliance; effective incentives for operators’ compliance with the guidelines; and an adequate means for resolving consumer complaints.

The Commission vote to approve the iKeepSafe safe harbor application was 5-0.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.


July 2017
M T W T F S S
« Jun    
 12
3456789
10111213141516
17181920212223
24252627282930
31  
business.ftc.gov | Your Link to the Law