On August 13, 2018, the Federal Trade Commission approved changes to the video game industry’s safe harbor guidelines under the Children’s Online Privacy Protection Act (“COPPA”) Rule. COPPA’s “safe harbor” provision enables industry groups to propose self-regulatory guidelines regarding COPPA compliance for FTC approval.  Continue Reading FTC Approves Changes to Video Game Industry’s Safe Harbor Program Under COPPA

On August 3, 2018, California-based Unixiz Inc. (“Unixiz”) agreed to shut down its “i-Dressup” website pursuant to a consent order with the New Jersey Attorney General, which the company entered into to settle charges that it violated the Children’s Online Privacy Protection Act (“COPPA”) and the New Jersey Consumer Fraud Act. The consent order also requires Unixiz to pay a civil penalty of $98,618. Continue Reading Unixiz Agrees to Settle Charges Under COPPA and the New Jersey Consumer Fraud Act

Recently, Iowa and Nebraska enacted information security laws applicable to personal information. Iowa’s law applies to operators of online services directed at and used by students in kindergarten through grade 12, whereas Nebraska’s law applies to all commercial entities doing business in Nebraska who own or license Nebraska residents’ personal information. Continue Reading Iowa and Nebraska Enact Information Security Laws

On May 16, 2018, the Irish Data Protection Bill 2018 (the “Bill”) entered the final committee stage in Dáil Éireann (the lower house and principal chamber of the Irish legislature). The Bill was passed by the Seanad (the upper house of the legislature) at the end of March 2018. In the current stage, final statements on the Bill will be made before it is signed into law by the President. Continue Reading Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

On April 27, 2018, the Federal Trade Commission issued two warning letters to foreign marketers of geolocation tracking devices for violations of the U.S. Children’s Online Privacy Protection Act (“COPPA”). The first letter was directed to a Chinese company, Gator Group, Ltd., that sold the “Kids GPS Gator Watch” (marketed as a child’s first cellphone); the second was sent to a Swedish company, Tinitell, Inc., marketing a child-based app that works with a mobile phone worn like a watch. Both products collect a child’s precise geolocation data, and the Gator Watch includes geofencing “safe zones.”   Continue Reading FTC Issues Warning Letters for Potential COPPA Violations

On March 6, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP issued a white paper on GDPR Implementation in Respect of Children’s Data and Consent (the “White Paper”). The White Paper sets forth guidance and recommendations concerning the application of GDPR requirements to the processing of children’s personal data. The White Paper also highlights and addresses several issues raised by the Article 29 Working Party (the “Working Party”) with regard to children in its guidelines on consent and issues raised by the UK Information Commissioner’s Office in its Consultation on Children and the GDPR. Continue Reading CIPL Issues White Paper on GDPR Implementation in Respect of Children’s Data and Consent

On February 5, 2018, the Federal Trade Commission (“FTC”) announced its most recent Children’s Online Privacy Protection Act (“COPPA”) case against Explore Talent, an online service marketed to aspiring actors and models. According to the FTC’s complaint, Explore Talent provided a free platform for consumers to find information about upcoming auditions, casting calls and other opportunities. The company also offered a monthly fee-based “pro” service that promised to provide consumers with access to specific opportunities. Users who registered online were asked to input a host of personal information including full name, email, telephone number, mailing address and photo; they also were asked to provide their eye color, hair color, body type, measurements, gender, ethnicity, age range and birth date. Continue Reading FTC Brings Its Thirtieth COPPA Case, Against Online Talent Agency

On January 8, 2018, the FTC announced an agreement with electronic toy manufacturer, VTech Electronics Limited and its U.S. subsidiary, settling charges that VTech violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting personal information from hundreds of thousands of children without providing direct notice or obtaining their parent’s consent, and failing to take reasonable steps to secure the data it collected. Under the agreement, VTech will (1) pay a $650,000 civil penalty; (2) implement a comprehensive data security program, subject to independent audits for 20 years; and (3) comply with COPPA. This is the FTC’s first COPPA case involving connected toys and the Internet of Things.

Recently, the Office of the Privacy Commissioner of Canada (“OPC”) issued its 2017 Global Privacy Enforcement Network Sweep results (the “Report”), which focused on certain privacy practices of online educational tools and services targeted at classrooms. The OPC examined the privacy practices of two dozen educational websites and apps used by K-12 students. The “sweep” sought to replicate the consumer experience by interacting with the websites and apps, and recording the privacy practices and controls in place. The overarching theme of the Report is “user controls over personal information,” which the OPC further refined into four subthemes: (1) transparency, (2) consent, (3) age-appropriate collection and disclosure, and (4) deletion of personal information. Continue Reading Canadian Privacy Commissioner Issues Report on Children’s Educational Apps