coppa news


Parents be warned: some dating apps – like FastMeet, Meet24 and Meet4U – allow adults to find and communicate with children. Concerned parents should remove these apps if they’re on children’s devices. You also can set your kids’ devices so they must get parental approval before purchasing any new apps. Here are a few more things you should know.

By Lesley Fair

Where do entrepreneurs go if they’re long on ideas, but short on capital? In their short history, crowdfunding platforms have often been the financial sparkplug that ignites the engine of innovation. But some campaigners promote zealously and deliver zilch. According to the FTC, a company raised over $800,000 in four crowdfunding campaigns for a high-tech backpack and other items, but used a large portion of the money on personal expenses.

Read more >

Crowdfunding is one way to support a project you believe in and get rewards for that support. But the project you’re backing is only as good as the people behind it. Some dishonest people can take your money but produce nothing – no product, no project, and no reward.

The popularity of video streaming services has taken off in the past few years. It’s become easier to stream video through smart TVs, streaming boxes that connect to your not-so-smart TV, and even streaming sticks. These devices let you stream video through popular apps like Hulu, Netflix, SlingTV, Amazon Prime Video, and YouTube TV. Unfortunately, there are other apps that let you watch illegal pirated content. And hackers are using those apps to spread malware. Here’s what you need to know.

From the FTC.

Kids love to play dress-up, but parents wouldn’t want them rummaging through the attic or climbing to the top shelf of the wardrobe without permission and proper supervision. The website offered users – including children – a virtual way to play dress-up and design clothes without those potential dangers. But according to an FTC complaint, Unixiz, Inc., the company behind i-Dressup, violated the Children’s Online Privacy Protection Act in ways that created different kinds of risks.

COPPA puts two separate sets of protections in place to help keep parents in control of personal information collected from their kids online. First, COPPA-covered companies must clearly disclose their information policies and get parental consent before collecting personal information from children under 13. Second, companies must provide reasonable and appropriate security for the data they collect. According to an FTC settlement, i-Dressup fell short on both COPPA requirements.

The complaint alleges i-Dressup failed to provide sufficient notice on its site of the information it collected online from kids, how it used it, its disclosure practices, and other specifics required by the COPPA Rule. The company’s direct notices to parents were deficient, too. Among other things, they didn’t include the COPPA-required statement that if parents don’t provide consent within a reasonable time, i-Dressup will delete their online contact information from its records. Stick with the story because that failure turned out to be particularly troubling.

In addition to letting users play online games, i-Dressup featured a community where they could “explore their creativity and fashion sense with unique personal profiles” and interact with others. To register, i-Dressup required people to submit a user name, password, birthdate, and email address. If the birthdate indicated the person was under 13, the email field changed to “Parent’s Email.” Once the under-13 user filled in the required fields and clicked “Join Now,” i-Dressup collected the personal information and sent a message to the address entered into the Parent’s Email field. The person receiving the email could consent by clicking the “Activate Now!” button.

However, if the parent didn’t give consent, i-Dressup retained the personal information it had collected from the child online. The FTC says the company’s failure to delete that information violated Section 312.5(c)(1) of the COPPA Rule.

In addition to violating COPPA’s parental consent provisions, i-Dressup allegedly violated the Rule’s data security requirements. According to the FTC, i-Dressup stored and transmitted users’ personal information (including passwords) in plain text. In addition, the company failed to perform network vulnerability testing of its network, even for well-known threats like SQL attacks; it didn’t implement an intrusion detection and prevention system; and it didn’t monitor for potential security incidents. The upshot? The company learned that a hacker had gained entry to its network and accessed information about 2.1 million users, including approximately 245,000 users who indicated they were under 13.

To settle the case, i-Dressup and its owners will pay a $35,000 civil penalty. They’re also prohibited from violating COPPA in the future, and can’t sell, share, or collect any personal information until they implement a comprehensive data security program and get independent biennial assessments. In addition, they’ll have to provide the FTC with an annual certification of compliance.

The message for sites and operators covered by COPPA is that an effective system of parental consent is only the first step toward compliance. Section 312.8 of the COPPA Rule also requires you to “establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.”

Interested in data security issues? Read an accompanying Commission statement and learn more about another FTC action announced today.

Email this to someoneShare on FacebookTweet about this on TwitterShare on Google+Share on TumblrDigg thisFlattr the authorShare on RedditShare on StumbleUponBuffer this page
By Lesley Fair

Kids love to play dress-up, but parents wouldn’t want them rummaging through the attic or climbing to the top shelf of the wardrobe without permission and proper supervision. The website offered users – including children – a virtual way to play dress-up and design clothes without those potential dangers.

Read more >
By Lesley Fair

Suppose a lunch companion says, “I think there’s something wrong with this tuna salad.” To determine if the problem is tuna not to their taste vs. tuna gone bad, would you scarf it down? Probably not. Now remove tuna salad from the example and substitute a web browser extension. (Stay with us here.) Let’s say you’ve been warned that an unknown extension could be used for fraud. Should you download it and let it marinate in your company’s network?

Read more >

Online games and websites for kids are everywhere these days – to the point that it’s commonplace to see toddlers playing with them, too. And while the internet has positive ways for kids to explore and learn, privacy concerns are lurking. To help protect children’s privacy, the FTC enforces the Children’s Online Privacy Protection Act (COPPA), which requires websites and online services to get consent from parents before collecting personal information from kids younger than 13.

October 2020
« May    
262728293031 | Your Link to the Law