Recent research commissioned by the Campaign for a Commercial-Free Childhood and the Center for Digital Democracy allege that the Echo Dot Kids Edition's privacy practices violate the  Children’s Online Privacy Protection Act (COPPA), a federal law protecting the personal information of people under 13. The industry groups lodged the complaint with the Federal Trade Commission (FTC) arguing that amongst other things, Amazon fails to obtain proper parental consent to use children's data. You can read a copy of the Echo Kids Privacy complaint online. 

After CARU recommended that Facebook, Inc. modify its mobile app to improve its mechanism to prevent underage users from circumventing the age screen, Facebook complied and made the necessary changes. Historically websites have used session cookies to prevent children from going back and changing their age, but until CARU examined its mobile app, Facebook did not implement a mechanism to prevent children from circumventing the age screen. Previously on the app, when a registrant entered a birthday corresponding to an age younger than 13, a message denied registration. However, the registrant was immediately able to change the originally-entered date of birth and continue attempts until a valid age was chosen that allowed registration. Although mobile technology is still developing and companies are working hard to adapt traditional privacy principles to this new age, CARU Director, Dona J. Fraser said, “We are pleased that Facebook now becomes the first company working with CARU t...

The Federal Trade Commission (FTC) closed a recent case with i-Dressup.com. i-Dressup.com settled with the FTC to pay $35,000 for making two major violations with the Children's Online Privacy Protection Act (COPPA). The website invited users, including children, to play virtual dress-up games, design clothes and decorate their online space. Users were able to create personal profiles and interact with others. The FTC found that the site collected personal information from children without obtaining parental consent. The FTC also held that i-Dressup failed to provide appropriate security measures for users' data. Interestingly, the case also individually named the CEO and Secretary of the company. For more information, visit the FTC's Press Release regarding i-Dressup.com about this case or the FTC's Blog .

1998: A Concern for Children’s Privacy Was Born From the moment home computers had the capacity to connect to the Internet, children had the ability to use these technologies to access online websites and services. In the 1990s, concerns about children’s privacy and safety online arose amid fears of marketing practices around selling children’s personal information and exposing children’s information to predators. The Children’s Advertising Review Unit (CARU), founded in 1974, has always been on the forefront of safeguarding children’s privacy. CARU is the self-regulatory arm of the children’s advertising industry, tasked with promoting truth in children’s advertising by reviewing and evaluating child-directed ads in all media to ensure they are truthful, accurate and appropriate. CARU also monitors online privacy practices as they affect children. Before there was any legislation on the matter, CARU monitored a burgeoning Internet and observed how children’s privacy and sa...

The CARU Conference was held this year in Marina del Rey, California (just 15 minutes from LAX Airport) at the Ritz-Carlton hotel. We kicked the day off with a movie screening of Screenagers , the award-winning film that explores family life and the struggles over social media, video games and academics. The movie shares challenges of parenting in a digital world and solutions for how to help kids safely navigate the issues. Later in the day, the film’s star and director, Delaney Ruston shared her own messy, personal experiences. While it’s true that too much screen time can have adverse effects on brain development, it’s also true that prosocial games and media can encourage kids’ good behavior as well. Dr. Ruston hopes that her film will spark a movement—that this film will get families talking about how they can aspire to lead more balanced lives. She thinks industry is up to the task and challenged them to create more cool and prosocial content.   Our first keynote s...

On February 21, 2019, more than a dozen child advocacy groups sent a complaint to the Federal Trade Commission (FTC) calling for an investigation as to whether Facebook has engaged in unfair or deceptive practices in violation of Section 5 of the Federal Trade Commission Act and the Children’s Online Privacy Protection Act (COPPA). Advocates filed the complaint in response to unsealed documents from a 2012 class action lawsuit against Facebook, in which the technology giant was accused of targeting children to expand revenue for online games. Though the class action settled in 2016, advocates believe more needs to be done, especially to ensure that Facebook doesn’t take advantage of children and their parents in the future.  Internal Facebook memos, secret strategies, and employee emails were among the 135 pages of documents unsealed from the 2012 lawsuit.  They allegedly revealed that the company knowingly deceived children into making in-game purchases and crafted an e...

Today, February 27, 2019, the FTC issued the largest civil penalty ever obtained on a children’s privacy case. Musical.ly (now called TikTok) has agreed to pay $5.7 million to settle the Federal Trade Commission's (FTC’s) complaint that the company illegally collected personal information from children. Musical.ly also agreed to comply with Children Online Privacy Protection Act (COPPA) going forward and to take down all videos made by children under the age of 13. Musical.ly’s platform allowed users to create and post short videos lip-syncing to music, as well as communicate with other users in the social network. All users were required to provide a first and last name, email address, phone number, profile picture, and biography to register for the app. The company had knowledge that a significant portion of its users were under 13 years old. The FTC learned of the issues when CARU referred the matter to the FTC last spring. In its complaint, the FTC claimed that th...

The Children’s Online Privacy Protection Act (COPPA) took effect in April 2000, back at a time when social media, smartphones, and Big Tech were just a twinkle in our eyes. As we approach the 20th anniversary of COPPA, a coalition of bipartisan senators are pushing for reform in light of Facebook’s controversial Project Atlas research app, which “paid users as young as 13 for sweeping access to their phones to gain insight into their habits to inform future product decision.” Read more in Cat Zakrzewski’s article in the Washington Post . COPPA protects children under 13, but given the fact that older children and teens do not fully understand the ramifications of consenting to a company’s privacy policy, legislators are pushing to expand and update federal legislation protecting children’s digital privacy. A federal standard would ensure companies stay consistent in operating nationwide or international business, as other jurisdictions have taken broader action than current U.S. ...

Data Privacy Day (January 28th) is an international effort to empower individuals to take ownership of their online presence and inspire businesses to respect privacy. To celebrate, we’re sharing tips companies and small business can use to help ensure that a website or online service complies with COPPA. 1.    Draft Your Own Privacy Policy You would be surprised how many companies cut and paste other privacy policies or templates. Unfortunately, privacy is not a one-size-fits-all type of situation. You need to draft a policy for your site or service that accurately reflects your specific privacy practices or you render the document useless. Make sure you include everything that applicable laws require. But be straight and to the point. The FTC frowns upon including unrelated or confusing information, which serves only to misdirect readers’ attention from what is important. 2.    Shout it From the Rooftop Make sure that all your third-party service providers...

Oath, a Verizon subsidiary that is an ad tech division created from the merging of AOL and Yahoo, just agreed to pay nearly $5 million to settle charges with the New York Attorney General's office.  The company's advertising practices online were said to have violated the Children's Online Privacy Protection Act (COPPA). This is the largest penalty  a company has agreed to pay since COPPA was enacted in 1998. COPPA requires companies to obtain verifiable parental consent before collecting children's personal information. According to Barbara D. Underwood, New York's attorney general, "AOL flagrantly violated the law--and children's privacy..." The New York Times reported that AOL, through its ad exchange was placing targeted ads on hundreds of websites that it knew were directed to children under 13. The ads were chosen by utilizing personally identifiable information of children, in violation of COPPA. Visit the New York Times online for fur...

Commemorating the twentieth year since the Children’s Online Privacy Protection Act (COPPA) was signed into law on October 21, 1998, the Hill released an op-ed reflecting on the Act’s passage as the only existing Federal privacy law last week. Kathryn C. Montgomery and Jeff Chester, the writers of the op-ed, advocated for COPPA’s enactment and spearheaded the campaign to have it signed into law. Chester is the Executive Director of the Center for Digital Democracy, while Montgomery is Professor Emerita at American University’s School of Communication in Washington D.C. The piece presented four key takeaways that the authors believe may be helpful in future policy and legislative efforts regarding online privacy. First, because the Internet’s business model is centered on collection of personal information to be used for marketing purposes, government regulation was necessary, especially in protecting children’s privacy. Second, as advocates and policymakers pushed for privacy ...

I-Dressup, a fashion-themed social website for teens, has completely shut down as part of a settlement with the New Jersey Department of Consumer Affairs, following a massive privacy breach and violations of the federal Children's Online Privacy Protection Act (COPPA) and New Jersey state law. In September 2016, a hacker sent 2.2 million i-Dressup account credentials to technology blog Arstechnica as well as to haveibeenpwned.com, a searchable online database of data breaches. Responding to the news, New Jersey investigators discovered that 2,519 of the compromised accounts belonged to New Jersey children below age 13. I-Dressup, allegedly aware that it had child users, had violated COPPA by failing to obtain verifiable parental consent prior to collecting and processing personal information from the children, including first and last names and email addresses. In a consent decree with the New Jersey Attorney General Gurbir Gerwal, parent company...

The Federal Trade Commission has granted approval for a new method that companies can use to obtain verifiable parental consent under the Children's Online Privacy Protection Act (COPPA) Rule. Riyo Verified Ltd. uses a "face match to verified photo identification" (FMVPI) as a method to verify that the person offering consent for a child is indeed that child's parent. FMVPI is a two-step process where a parent first provides an image of their photo identification (like a driver's license), which is legitimized using various technologies to ensure it is authentic. In the second step, the parent then provides a photo of themselves with a phone or web camera. This photo is then analyzed to confirm that the live person is indeed a live person and that the photo is the same person in the identification. To learn more about this new method, visit the FTC's website .

Last week, Allison Fitzpatrick from Davis & Gilbert LLP wrote an article in Ad Age essentially warning folks that it's not just the apps and websites targeting children that need to worry about the FTC and other regulators when it comes to children's privacy. Although the Children's Online Privacy Protection Act (COPPA) revisions went into effect all the way back in July 2013, it was generally understood that there was a bit of a grace period as companies grappled with how to implement changes that at the time much of the industry did not entirely grasp. However, it seems clear that in the coming year, that grace period has ended and that the FTC may be increasing its actions not only exclusively in the child space anymore but also in a more overlapping gray area where companies may not expect it. In the article, Fitzpatrick has several predictions for 2015, which include more COPPA actions on a state level, COPPA actions that no longer apply to only child-direct...

CARU's annual conference is happening next week on Wednesday October 1st at the Ritz-Carlton New York, Battery Park . CARU believes that if there is one conference to attend this year about children's marketing, this is it. With so much  happening right now in the children's marketing industry, you can't afford not to be a part of the discussion.   Expert panelists will consider challenging issues facing the Children's Advertising Industry, focusing on how online and mobile technology has changed the way companies market their products to children in the US and abroad. A significant emphasis will be placed on the modifications to the FTC's COPPA Rule, including discussions on how companies are implementing new practices to comply with these changes in their online and mobile marketing. Panelists will also discuss  strategies for utilizing online interest-based advertising and other third party initiatives while maintaining legal and regulatory complianc...

It's no secret the Children's Online Privacy Protection Act can be a little confusing. To clarify some of the law's more difficult nuances the FTC published the COPPA FAQs several years ago. The FTC is constantly updating the FAQs as the law evolves with new technologies. Today, the COPPA FAQs have been updated again in an effort to help companies better understand COPPA's fine details. The updates address acceptable methods of verifiable parental consent. Changes can be found in FAQs H.5 and H.10, and there is also a new FAQs are located  at H.16.  You can find the new COPPA FAQs on the FTC Website . 

It's that time of year again: CARU's 4th  Annual West Coast Conference:  Marketing to Children in a Digital Landscape. The conference is going to be held   May 7th, 2014 at  The Beverly Hilton  in Los Angeles, CA. Hear from the experts about the legal and practical challenges posed by implementing the FTC's new Children’s Privacy Regulations as they apply to Apps, social media, websites and more. Panelists will examine domestic and global challenges to self-regulation of advertising to children including social media, mobile marketing, and advertising and marketing in Latino markets. The conference will also provide attendees with practical information to enhance their ability to navigate the children’s advertising industry’s self-regulatory forum, specifically CARU’s Self-Regulatory Program for children’s advertising.  This year there will also be a special workshop focusing on Food and Beverage marketing to children. This will be held the day bef...

 With COPPA changes now in effect, there are several things that have changed that you should know about. This video outlines five of the major changes to the Children's Online Privacy Protection Rule that your business needs to know about.

The Federal Trade Commission voted unanimously to retain the July 1st, 2013 date for implementation of the updated Children's Online Privacy Protection Rule. Industry organizations had requested that the FTC reconsider the implementation date for July. The FTC responded by stating that the July 1, 2013 date was announced in December of 2012, giving companies more than six months to prepare. The FTC noted that during the past six months that it has conducted numerous meetings with organizations as well as with individual businesses on how to ensure compliance with the new rule. It also recently issued an update to its Frequently Asked Questions document. For more information about the implementation of the updated COPPA rule, visit the FTC's website . For information about becoming a member of CARU's Safe Harbor program please contact jblack@caru.bbb.org or wkeeley@caru.bbb.org.