Skip to main content

After Review, CARU Finds Snapchat Compliant with COPPA



In a recent decision, CARU found Snap Inc.’s (Snap) Snapchat app to be compliant with both the CARU Guidelines and the Children's Online Privacy Protection Act (COPPA). 
“The company goes beyond minimal procedures to prevent under-age use” CARU stated. CARU determined that Snapchat is an app directed to a general audience, not intended for use by children. In reaching this conclusion, CARU considered that Snap’s Terms of Service clearly prohibit users under 13 years of age and makes no effort to market the app to children or provide them with an appealing user experience. 
With that understanding, Snapchat is permitted under the Guidelines and Children’s Online Privacy Protection Act (“COPPA”) to age-gate and block children under 13 from using its services, which it does. CARU then examined whether Snapchat does so effectively.
CARU observed that Snapchat utilizes age-gates and many safeguards to ensure that if children manage to breach the existing age-gates, they will not be able to remain active on the app. Additionally, all app features that touch personal data are vetted collaboratively through the legal team, product engineers, and trust and safety representatives to assure that children don’t use the app and that the company stays compliant with COPPA’s guidelines.
“Age-gates are one piece of the larger compliance scheme. The cost of doing business in the kids space is implementing privacy-by-design and having a robust plan in place. This is not to say that age-gates should not be implemented. On the contrary, what we are saying is that we can do better and we should try to do better than the minimum bar. We don’t want to eliminate the use of age-gates, we want to see them used as part of a larger system to keep children safe on the internet,” says Dona Fraser, CARU’s vice president. 
CARU believes companies that go beyond the low bar of age-gating to incorporate privacy-by-design and systematic procedures of trust and safety should be given due consideration regarding their efforts toward COPPA compliance. Where companies have a comprehensive culture of privacy, good faith efforts may outweigh strict adherence to principles that may have outlived their utility in certain instances.
For more information about CARU’s decision please visit the press release about CARU's decision regarding Snapchat.

Popular posts from this blog

CARU Director, Dona J. Fraser to Speak at The Future of the COPPA Rule: An FTC Workshop

The Federal Trade Commission recently announced its agenda for its upcoming workshop: The Future of the Children's Online Privacy Protection Act (COPPA). The Children's Advertising Review Unit (CARU) was thrilled that its director, Dona J. Fraser was invited to speak on a panel about such an important topic. CARU is not only a safe harbor provider under COPPA but it was the first program to be deemed with the honor.

The COPPA Workshop will be held on October 7, 2019, at the Constitution Center, 400 7th St., SW, Washington, DC, and is free and open to anyone who wishes to join.  For those not in the area, the event will be webcast live via the FTC's website.
About the COPPA Workshop The Future of the COPPA Rule: An FTC Workshop will examine whether to update the COPPA Rule in light of evolving business practices in the online children’s marketplace, including the increased use of Internet of Things devices, social media, educational technology, and general audience platform…

CARU Submits Comments on the FTC COPPA Rule Review

The Federal Trade Commission (“FTC” or “Commission”) recently requested public comment on its implementation of the Children's Online Privacy Protection Act (“COPPA”), through the Children's Online Privacy Protection Rule (“COPPA Rule” or “the Rule”).

The Commission generally reviews its Rules every ten years to ensure that they have kept up with changes in the marketplace, technology, and business models. Although the Commission's last COPPA Rule review ended in 2013, the Commission decided to conduct its ten-year review early because of questions that have arisen about the Rule's application to the educational technology sector, to voice-enabled connected devices, and to general audience platforms that host third-party child-directed content. In addition to requesting comment on these issues, the Commission requested comments on the costs and benefits of the Rule, as well as on whether certain sections should be retained, eliminated, or modified.

After thoughtful co…

i-Dressup Shuts Down in Wake of Privacy Breach and COPPA Violation

I-Dressup, a fashion-themed social website for teens, has completely shut down as part of a settlement with the New Jersey Department of Consumer Affairs, following a massive privacy breach and violations of the federal Children's Online Privacy Protection Act (COPPA) and New Jersey state law. In September 2016, a hacker sent 2.2 million i-Dressup account credentials to technology blog Arstechnica as well as to haveibeenpwned.com, a searchable online database of data breaches.

Responding to the news, New Jersey investigators discovered that 2,519 of the compromised accounts belonged to New Jersey children below age 13. I-Dressup, allegedly aware that it had child users, had violated COPPA by failing to obtain verifiable parental consent prior to collecting and processing personal information from the children, including first and last names and email addresses. In a consent decree with the New Jersey Attorney General Gurbir Gerwal, parent company Unixiz has closed i-Dressup, agre…