QUILES LAW
  • Home
  • attorneys
    • Roger R. Quiles
    • Patrick P. Hankins
  • Servicing
    • Businesses
    • Content Creators
    • Esports Players, Coaches & Talent
    • Esports Organizations & Event Organizers >
      • Ebook
  • Featured In
  • Resources
  • Blog
  • Contact

BLOG

COMPLYING WITH COPPA

9/25/2018

0 Comments

 
On September 11, 2018, New Mexico’s Attorney General Hector Balderas filed a federal lawsuit against an app developer and its contracted advertisers for violating the Children’s Online Privacy Protection Act (“COPPA”), New Mexico’s Unfair Business Practices Act, and the Federal Trade Commission Act. The 85-page complaint contains allegations that Tiny Lab Productions, an app developer, operated 91 apps designed for children that failed to adequately comply with COPPA. The complaint states that the developer collected and sold children’s data to advertisers, who then used the data to track and profile the children for targeted advertising without parental consent. Under COPPA, companies must comply with a certain privacy rules before they are able to collect a child’s data, including obtaining explicit consent from the child’s parents. New Mexico also alleges that some of the apps’ advertisers, namely Google (and its advertising company, AdMob) and Twitter (and its advertising company, MoPub,), marketed these apps through their platforms, which gave the public a false impression that the apps were in compliance with COPPA.
 
The Attorney General is seeking a permanent injunction to prevent any further tracking practices and destruction of any improperly obtained personal data, along with civil penalties for the COPPA violations, and nominal and punitive damages for violating New Mexico’s Unfair Business Practices Act. 
 
App developers and online businesses need to recognize that privacy and data collection practices have become a principal concern for the Federal Trade Commission and Attorneys General throughout the country, especially when it pertains to the collection of children’s data. Website and online service operators should be aware of COPPA and must understand that compliance with it is necessary in order to avoid facing punishment.
 
What is COPPA?
COPPA is a series of federal laws that was enacted by Congress in 1998 to protect the privacy of children under 13 years old. Congress created the regulations to protect children from unknowingly sharing their data with companies, after noticing an increase of marketing techniques that targeted children. The data that was being collected often included personal information ranging from the child’s first and last name, home address, telephone number, and more recently, files that contained the child’s image or voice, and geolocation information that made it easy to identify the child’s street name and home city or town. Congress recognized that children giving away this information posed obvious dangers, and enacted a list of practices for website and online service operators to implement. Effectively, these practices allow parents to control what types of data operators are able to collect from their children. The Act was revised in 2012 to apply to social networks and smartphone apps as well.
 
Who does COPPA apply to?
Many people believe that COPPA only applies to commercial websites and online services that are directed to children under 13 years old, but the Act also extends to other operators who collect data from children. Under the Act, all general audience website or online service operators with actual knowledge that they are collecting, using, or disclosing personal information from children under 13 must also comply with COPPA. Additionally, all website or online service operators that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children will be subject to penalties for not complying with the Act.
 
The Act defines “online services” in a broad manner that includes any service available over the Internet or that connects to the Internet or a wide-area network. This includes all mobile apps that connect to the Internet, Internet-enabled gaming platforms, and services that allow users to play network-connected games, engage in social networking activities, purchase goods or services online. It also includes Internet-enabled location-based services also are online services covered by COPPA.
 
How to comply
Operators must make sure they follow these requirements in order to comply with COPPA:
  1. Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;  
  2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
  3. Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);  
  4. Provide parents access to their child's personal information to review and/or have the information deleted;
  5. Give parents the opportunity to prevent further use or online collection of a child's personal information;  
  6. Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
  7. Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.
 
What are the consequences of not complying?
For each violation of COPPA, courts may impose a civil penalty of up to $41,484. Courts look at a variety of factors when determining how severe of fine it should levy. If the operator was not collecting a great deal of personal information and had it never violated the Act previously, a court would be less likely to impose the maximum fine. However, if the operator repeatedly violated COPPA, collected a multitude of personal information, and it was sharing the data with third parties, a court would be more inclined to impose the maximum penalty. The fine amount can quickly add up since each violation is penalized. Last January, VTech Electronics agreed to pay the Federal Trade Commission $650,000 over charges that it violated COPPA by collecting personal information from children without providing direct notice and obtaining their parent’s consent, and failing to take reasonable steps to secure the data it collected.  
 
Conclusion
As data collection and tracking continue to be valuable marketing tools for companies, it is important for these companies to understand that they must comply with certain regulations if they wish to perform these practices and collect data from children under the age of 13. By failing to do so, companies will be exposed to steep fines considering the volume of data that is continuously being collected. Without proper compliance and protections in place, a company may end up being subject to fines that can cause permanent damage to the company. If you have any questions on how to correctly with COPPA, please feel free to contact us. 
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Quiles Law is an esports and content creator law firm headquartered in New York City, representing a global clientele.

      Newsletter sign up

    Subscribe

      Questions?

    Submit

    Archives

    June 2022
    October 2021
    July 2021
    June 2021
    November 2020
    March 2020
    February 2020
    November 2019
    August 2019
    July 2019
    June 2019
    May 2019
    March 2019
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    November 2017
    October 2017
    September 2017
    July 2017
    June 2017
    March 2017
    February 2017
    November 2015
    October 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014

    Categories

    All
    Aereo
    Ambush
    Apps
    Athletes
    Athletes Rights
    Basics
    Betting
    Bitcoin
    Blizzard
    Blog
    Burnout
    Business
    Business Formation
    Business Law
    Business Policies
    Call Of Duty
    CBA
    C Corporations
    Checklist
    College
    Constitution And Bylaws
    Content Creators
    Contract
    Contracts
    Copyright
    Corporate Law
    Corporations
    Criminal
    Crowdfunding
    Defamation
    Department Of Labor
    Discipline
    DMCA
    Donald Sterling
    Do's And Don'ts
    Due Diligence
    Employment
    Endorsements
    Equity
    Escape Clause
    Esports
    Exclusivity
    Fines
    Ftc
    Gambling
    How To
    Immigration
    Independent Contractors
    Influencer
    Info
    Infringement
    Insurance
    Intellectual Property
    Internet
    Interns
    Investment
    Ipad
    Lawsuit
    Leagues
    Legislation
    Liability
    Libel
    Licensing
    Litigation
    LLC
    Loans
    M&a
    Marketing
    Media
    Minors
    Mlb
    MLG
    Morals Clause
    Nba
    Ncaa
    Nda
    Negotiation
    New York
    Nfl
    Nintendo
    Non-disclosure Agreement
    Owners
    PEDs
    Players
    Privacy
    Pro Gaming
    Quora
    Regulation
    Representation
    Rules
    Sales
    S Corporations
    Small Business
    Social Media
    Sole Proprietor
    Sponsorships
    Sports
    Sports Agents
    Sports Business
    Sports Law
    Startups
    Streamers
    Substance Abuse
    Sue
    Supreme Court
    Swatting
    Tax
    Teams
    Tech
    Tortious Interference
    Trademark
    UAAA
    UK
    Video
    Video Games
    Virtual Currency
    Visa
    Website
    Wellness
    Yelp
    Youtube

    RSS Feed

    Contact
1177 Avenue of the Americas
Fifth Floor
​New York, NY 10036

(P) (917) 477-7942
(F) (917) 791-9782
Attorney Advertising. The information presented in this site should not be construed to be formal legal advice nor  is it intended to form any attorney/client relationship. Our attorneys are licensed to practice law in the States of New York, New Jersey, Tennessee, Texas and Wisconsin. Copyright Quiles Law, 2024. All rights reserved.
  • Home
  • attorneys
    • Roger R. Quiles
    • Patrick P. Hankins
  • Servicing
    • Businesses
    • Content Creators
    • Esports Players, Coaches & Talent
    • Esports Organizations & Event Organizers >
      • Ebook
  • Featured In
  • Resources
  • Blog
  • Contact