Tag Archives: COPPA

COPPA Lawyers Explains 2016 Imaging Technology Update

COPPA Lawyer update
In this article, a COPPA lawyer explains the latest changes to the law involving facial imaging technology.

Beep! Beep! Make way for a caravan of “COPPA Cassandras.”

The Federal Trade Commission approved a new Children’s Online Privacy Protection Act (COPPA) verification process. And you know what that means: children’s advocacy groups are sounding alarms. What’s the latest COPPA complaint? In short: “Tricky kids are tricky – tricky enough to weasel their way around this photo verification process!”

A 30-Second COPPA Summary

First, let’s quickly review COPPA. Here are the main points:

  • At the time of this writing, COPPA is one of the few federal online privacy laws in the United States.
  • Its goal is to protect kids aged 12 and under from the evils of the Internet.
  • The crux of COPPA is the verification requirement. Parents and guardians must consent before a digital platform or app is allowed to collect information from minors or let them participate on certain websites.

Click here to read more about COPPA rules »

The New COPPA Verification Method: Facial Recognition

Previously, guardians could satisfy the COPPA verification requirement via:

  • Credit card authorization;
  • Mail in consent;
  • Fax in consent;
  • Calling an 800 number; or
  • Sending an electronic scan.

Now, parents have the option of using the Face Match Verified Photo Identification (FMVPI) method – or in the colloquial parlance of our time, “selfie verification.”

How does it work?

  • First, the parent or guardian submits a government issued identification picture (i.e., driver’s license or passport pic).
  • Second, the parent or guardian takes a selfie with either a smartphone or webcam and submits it.
  • If the two images match, then verification is complete and the biometric data is erased within five minutes.

Naysayers: “COPPA Facial Recognition Method Unsafe Because Today’s Tots Are Tricky.”

COPPA is frequently amended. And every time officials update it, someone voices concern about the change. The Facial recognition verification amendment is no exception; concerned parties have taken to the Internet, flash mobbing a cacophony of caution.

So, what’s the main gripe about the new COPPA verification method? In a phrase: high trickery potential. The anti-FMVPI camp insists that sneaky kids will cajole “willing adults” (i.e., sketchy adults) into posing as their parents or guardians. Other folks opposed to imaging technology verification also argue that today’s wee-ones are more than savvy enough to:

  1. lift mom’s or dad’s license without mom or dad noticing;
  2. take a picture of mom or dad with a smartphone or webcam; and
  3. submit both with neither mom or dad the wiser.

After considering the potential for deceit, regulators felt the concerns were overblown because the system incorporates appropriate safeguards. A proponent of the imaging technology explained that measures are in place to “reasonably [calculate], in light of available technology, to ensure that the person providing consent is the child’s parent.”

Who Needs To Follow COPPA Rules?

Since COPPA’s ascendance into U.S. federal law books, there’s been confusion as to who must follow the rules and who is exempt. And, to be fair, the confusion was understandable; language in the early iterations of the bill was, shall we say, vague.

Yes, I want to speak with a COPPA Lawyer »

But these days, edits have been made, and clarifications added. Here’s the COPPA bottom line:

  • If your website or app, in any way whatsoever, caters to children aged 12 and under, adhere to COPPA rules – even if you don’t target kids; even if you buried a clause, in the terms, forbidding minors from using the site. If a website or app could be attractive to the kidlings – due to animations or color schemes or topic matter – follow COPPA.
  • If you operate or develop an advertising distribution app – or any other type of plugin – you, too, are responsible for following COPPA protocol.

Want to make sure you’re on the right side of the legal COPPA fence? Chat with an attorney who focuses on Internet law. It’ll only cost you a couple of hundred dollars, give you peace of mind, and maybe save you millions of dollars in sanctions.

Consult With A COPPA Lawyer

Are you ready to speak with an experienced COPPA law attorney? If so, get in touch with Aaron Kelly. A top-rated lawyer, Aaron maintains high ratings on AVVO, in addition to a preeminent AV rating. Want to know more about the guy? Click here for his bio.

COPPA violations are expensive. Avoid them. Partner with an experienced COPPA lawyer – one who will work to keep you on FTC’s good side.

COPPA Update: Cleaner Language & Safe Harbor Programs

Summer 2014 COPPA Update
There are more Children’s Online Privacy Protection Act Updates. Do you know them?

The FTC has been busy this summer! In addition to releasing a few online marketing and privacy reports, the nation’s consumer watchdog also issued several updates to the current mac-daddy  of U.S. online privacy laws – the Children’s Online Privacy Protection Act (COPPA). The changes are mostly cosmetic and language-oriented – out with “legalese,” in with “plain English” type of adjustments.

Nevertheless, there are a few items worth reviewing.

Bolstered Liability Language Regarding Site & App Functionality

Requested, Promoted and Encouraged

The previous version of the Children’s Online Privacy Protection Act said the law applied to website operators and app developers who “requested” identifiable information from minors. In the latest version, “requested” has been expanded to “requested, promoted or encouraged.”

Everything Digital Falls Under COPPA Now

The last COPPA version specifically mentioned chat rooms and message boards as Internet-based platforms on which children could share personal information. Now, specific mentions of various types of online websites has been replaced with the broader “in identifiable form.”

Other Small COPPA Language Changes

  1. Changed e-mail to email;
  2. Included “instant messaging user identifiers, VOIP identifiers and video chat identifiers as “an identification that permits direct contact”;
  3. Added geolocation as a “persistent” identifier;
  4. Added the word transfer to section that addresses the exchange of PII between parties, used to be only sharing, selling and renting.

Clarified The Value of Hyperlinks In Determining Which Websites Fall Under COPPA and Which Do Not

The new COPPA documents states:

A website or online service shall not be deemed directed to children solely because it refers or links to a commercial website or online service directed to children by using information location tools, including a directory, index, reference, pointer, or hypertext link.

In other words, just because you link to a website that may fall under COPPA regulations doesn’t mean you ARE a site that falls under COPPA regulations.

Clarified That Websites That Deleting Children’s Info Lowers Liability

One of the main confusions about the Children’s Online Privacy Protection Act is whether or not sites that don’t use, share or sell collected data have to comply with it. The new version of the rule clarifies:

“An operator shall not be considered to have collected personal information under this paragraph if it takes reasonable measures to delete all or virtually all personal information from a child’s postings before they are made public, and also to delete such information from its records.”

Passive Tracking Illegal According To COPPA

The new Children’s Online Privacy Protection Act rules document clearly states that passive tracking of a child online – without following COPPA protocol – is illegal.

Cleared Up What Constitutes Website Functionality

COPPA rules have always allowed for the inconsequential collection of children’s’ data related to website maintenance and functionality mechanisms, like updates and certain types of security backups. The latest version of the rules expounds on allowable “administrative and functionality” collection circumstances. Perhaps most notably, the word “analyze” was added to this section – thereby allowing for more flexibility in terms of traffic aggregator plugins and apps used for business marketing and SEO.

Plainly Stated What Factors The Commission Looks For When Deciding If A Website Must Comply With COPPA Regulations

Previously, the FTC’s explanation of the factors considered when determining a website’s COPPA status was a confusing. The new document is much clearer.

The FTC looks at the following factors when deciding if a site is “directed towards children”:

  1. Subject matter;
  2. Visual content;
  3. Use of animated characters or child-oriented activities and incentives;
  4. Music and other audio content;
  5. Age of models;
  6. Presence of child celebrities or celebrities who appeal to children;
  7. Language; and
  8. “Competent and reliable empirical evidence regarding audience.”

Actual Knowledge Is The New COPPA Standard

Also, the new Children’s Online Privacy Protection Act states that a website, plugin or app will be deemed “directed to children” when the operator has “actual knowledge” that it is collecting personally identifiable information.

Slight Change of Rules Concerning Credit Card Parental Consent Authorization

If it wasn’t clear before, the FTC has now made it so: it is not sufficient to just gather credit card information without charging it as an acceptable parental consent mechanism. However, credit card information coupled with other identifying information may be sufficient.

App Store Account Coverage & Liability

The latest version of the COPPA rules says that developers can “rely” on any disclosures a given app store has if said app store includes legal coverage in their deal / contract with developers. Moreover, software companies can develop multi-platform COPPA parental consent mechanisms without assuming liability. (#score)

Data Retention Clarification

The latest version of the Children’s Online Privacy Protection Act states that any personally identifiable data collected from people aged 13 and younger can only be used “for only as long as is reasonable necessary to fulfill the purpose for which the information was collected.”

Safe Harbor Programs

The original COPPA rules allowed for legislators to develop a “safe harbor parental consent” program in which designated products could earn a “COPPA safe harbor” designation and using any of them would ensure compliance with the law.

Welp, the FTC has developed the program and ratified several products and services. So, new language was added to the COPPA rules to reflect the new “safe harbor” program and outline the “self-regulator” standards.

Speak With A COPPA Lawyer

If you need to learn more about the Children’s Online Privacy Protection Act, check out the related blog posts (in the right sidebar if you’re at a computer; below if you’re on a mobile device).

If you need a COPPA lawyer to review your website for

COPPA Update: Schools Must Ensure Consent Methods Are Up-To-Date

picture of school room to accompany post about COPPA school updates

The FTC released another Children’s Online Privacy Protection Act (COPPA) update. The new clarification deals with schools and schools alone. So, if you’re not a school administrator or parent of a school-aged child, then you can rest easy. Website operators should, however, be aware of the change for administrative purposes.

COPPA In 20 Seconds

Passed in 1998 and effective starting in 2000, the Children’s Online Privacy Protection Act is one of the few federal online privacy laws. It requires that websites obtain parental consent before collecting identifying information from minors aged 13 and younger.

You can read more about COPPA, here, here and here.

What happens if you’re caught violating COPPA regulations? Very hefty fines. Massive.

What Is The Latest COPPA Change?

Specifically, the FTC updated Section M of the Children’s Online Privacy Protection Act entitled ‘COPPA and Schools.’ The amendments clarified two main points.

  1. The responsibility for granting COPPA consent for students should be handled at the school administrative level, not by individual teachers.
  2. Schools should make available, on their respective websites, a list of software programs used at the school district. This way, parents can review the information and make any objections (for their children) directly to the administration.

In a memo announcing the COPPA update, the FTC reminded that although schools can consent on behalf of parents for school-related software, parents still have rights under the Family Educational Rights and Privacy Act.

Criticism Of The April 2014 School COPPA Updates

Executive Director of The App Association,  Morgan Reed, isn’t convinced that the latest COPPA update is going to help or change much. Reed explained:

“School administrators often are provided few details about how online service providers handle data collected on children, and recent court cases reveal that some companies use information from the classroom to target advertising to children. Parents … should get to decide whether their child’s data should be commoditized by schools to benefit advertisers.”

Contact A COPPA Lawyer Today

Do you have a website used by kids aged 13 and younger? Even if it was not your intent to attract a young audience, if children use your website, you MUST comply with COPPA standards. To speak with an attorney extremely well-versed in COPPA (and other online privacy issues), get in touch with Kelly / Warner today. Our track record is great and we’ve helped many, many other people with their COPPA issues. We can make sure you’re squared away too.

COPPA Parental Consent: A 101 Legal Guide

COPPA parental consent rules
What are the COPPA parental consent rules? What is allowed and what is not?

IN THIS ARTICLE:

  • Allowable COPPA parental consent methods
  • The FTC approved a new consent option for the Children’s Online Privacy Protection Act
  • New COPPA parental consent method is based on knowledge-based authentication
  • KBA method beat out new “social-graphing” authentication method

Attention companies covered under the Children’s Online Privacy Protection Act: The FTC approved a new COPPA parental consent method. The nation’s consumer watchdog agency green lit Imperium LLC’s dynamic knowledge-based authentication system, ChildGuardOnline.

Quickly, What Is COPPA?

The Children’s Online Privacy Protection Act is one of the few Internet privacy laws in the United States. In short, it established a set of governing rules for online data collection and digital storage of people aged 13 and younger. One of the main COPPA components is parental consent. In the simplest terms, websites and apps must obtain parental consent before collecting, using or storing kid’s information. What are acceptable COPPA parental consent methods? Keep reading.

The Old (& Still Usable) COPPA Parental Consent Methods

Until now, the only FTC-approved “verifiable parental consent” options were:

  • Providing a downloadable consent form that the parent could sign and return — via U.S. mail, fax, or electronic scan;
  • Requiring parents to use a credit card, debit card or online payment system that notifies the cardholder of every transaction;
  • Providing a toll-free number to call;
  • Providing a video confirmation service;
  • Checking government ID against an FTC-approved database. (This method can only be used if you immediately delete the parent’s information after verification.)

The New Rules For COPPA Parental Consent

In 2013, the FTC updated COPPA regulations. Part of the “upgrade” involved expanding the list of allowable parental consent methods. According to the new rules, companies can “apply” to get an FTC “COPPA-validation stamp of approval” for their digital authentication platforms. Here’s how it works:

  1. First, a company submits a proposal to the FTC explaining their digital authentication system and why it would be an effective COPPA parental consent-friendly platform.
  2. Then, the FTC publishes the proposal and invites the public to submit any feedback about the application.
  3. When the comment period ends, the FTC reviews the proposal and public feedback; then the agency decides if the applicant’s platform is an acceptable COPPA parental consent product. After review, findings and a decision are posted online.

 Has The FTC Rejected Any Other COPPA Parental Consent Applications?

Imperium is not the first company to apply for COPPA parental consent status. AssertID, another authentication company, also submitted their social media verification process for FTC review. Dubbed a “social-graph verification” scheme by the FTC, AssertID is a system wherein a parent’s social media “friend” verifies a parent’s identity. Unfortunately for AssertID, the commission rejected its proposal because it could not be “reasonably calculated” that the person giving consent was an actual parent or friend of the proper parental consent holder.

[Interesting business competition side note: AssertID’s proposal garnered 6 public responses – none of which were from Imperium. AssertID, however, did submit a comment for Imperium’s COPPA parental consent proposal and argued that their competitors program failed “to establish an adequate link between parent and child.” Additionally, AssertID argued, “The only link between the child and the parent is that implied by what is presumed to be the parent’s email address — there is no verification that this is in fact true. Although this weak implied link has been overlooked in the past, we feel that any new [consent] methods should be held to the requirement.”]

What Is Knowledge-Based Authentication?

We’ve become accustomed to online verification methods, like captchas. A typical verification method is called “knowledge-based authentication,” which requires respondents to either provide or verify personal information items in order to gain access to a private part of a website or application. There are two main types of knowledge-based authentication models, static KBAs and dynamic KBAs.

  • Static KBAs are based on “shared secrets”. When registering for an online service, a user will be asked to provide the answers to various security questions. In order to retrieve credentials, he or she is asked to provide answers to those questions. Oftentimes static KBA systems are used for online banking logins (i.e., what is your mother’s maiden name?).
  • Dynamic KBAs don’t require the user to have previous contact with a given site. Instead, the system automatically generates questions it culls in real time from public records. (Say What!? Yep.) Typically, the questions asked are considered “out of wallet” questions, meaning they aren’t queries someone could glean from either stealing or finding your wallet. Information is gathered from credit reports, marketing data and sometimes even social media.

What Stipulations Did the FTC Make About Acceptable COPPA parental consent options?

To thwart any budding Al Capones, the FTC demands that any new COPPA parental consent systems are “dynamic, multiple-choice questions with enough options to ensure that the chances of a child guessing the correct answers are low.” In addition, the commission will only consider systems wherein “the questions used are of sufficient difficulty that it would be difficult for a child in the household to figure out the answers.”   If you have a website that could be used by a child aged 13 or younger, you must comply with all COPPA consent rules.

COPPA Lawyer

If you have a website that could be used by a child aged 13 or younger, you must comply with all COPPA parental consent rules. It is no longer good enough to include a disclaimer like, “You must be older than 13 to use this site,” in your terms of service policy. Speak with a qualified COPPA lawyer to ensure compliance. The few hundred dollars it will cost for counsel is far better than the boat loads you may have to pay if the FTC comes a’knocking. A COPPA compliance audit is quick, painless and affordable. Get in touch today to get started on your COPPA legal compliance review.

Legal Advice For Tech Startups: A Quick Guide

startup lawyer
Getting ready to launch a startup? Before you click the mouse, make sure all your legal ducks are in a row.

You’re starting a startup and need to know the applicable laws. Well, you’re in luck, because this is a quick legal guide to launching a tech startup. While it’s always a good idea to speak with a startup law attorney before launching, this advice for tech startups should set you down the right legal path.

First Things First: Pick A Home-base For Your Business

Not all state startup laws are created equal. Some states have affiliate-friendly statutes; others favor e-commerce outfits. Finding the best jurisdiction for your company is the first step in establishing a legal base for your operation. In addition to industry considerations, remember to review the partnership laws in your state of choice. Some states have laws that prevent a co-founder from being let go without being bought out, others don’t. Some have tax structures that favor small tech startups, some don’t. So when you’re debating the decision, take some time to really think about your business; think worst case scenarios and then figure out which state is best for you. If you’re not sure where to begin with something like that, a good startup lawyer can help.

Legal Advice for Tech Startups Point #1: Register That Intellectual Property Properly

These days, intellectual property is as valuable to a startup as a bottomless venture fund would be. OK, that’s an exaggeration, but it can’t be stressed enough that IP is the equivalent to digital gold. Think about how much it would sting if you lost your branding edge due to an ill-filed copyright or trademark registration.

Another bit of startup advice: in the interest of clean records, make sure the intellectual property is registered to the company, not an individual. In the event of a partner split, the last thing you need is to be haggling over who owns the IP. It could get nasty.

Legal Advice for Tech Startups Point #2: Work Out a Partnership Agreement and a Pre-Nup

If you are embarking down startup path with others, make sure a partnership “pre-nup” is signed. Starting a company can be stressful, just as stressful as an unsuccessful marriage. Putting an exit agreement on paper while things are good is a great idea. Moreover, it allows you to see how you and your partners deal with unpleasant necessities – and it may just save you from getting into the wrong relationship with the right people.

Legal Advice for Tech Startups Point #3: Domestic and International Online Privacy Laws

While the Internet industry currently has fewer regulations than many others, there are still a number to which all companies must adhere. If you’re planning on doing business overseas – or targeting clients in the EU as well as North America – then there are even more laws you must heed. Here’s a quick list of a few:

Children’s Online Privacy Protection Act

The Children’s Online Privacy Protection Act is the only Internet privacy bill that has not been shot down in some way by the Supreme Court of the United States. And it looks like it’s about to be updated again – in a not so great way. If you are running a site or app that could potentially be attractive to kids – even if it’s not your intent to target kids – you’d better familiarize yourself with COPPA regulations. If not, crippling fines could play a major role in your not so distant future.

Gramm-Leach Bliley Financial Modernization Act

The mighty GLB – otherwise known as the Gramm-Leach Bliley Financial Modernization Act – is a wide sweeping bill that affected many industries. Tech startups need to be aware of the bill’s very specific financial online privacy standards. It’s a nuanced piece of legislation that must be understood, or, again, you could find yourself beat before you warm up.

United Kingdom Cookie Law

The Internet knows very few borders. That’s why any startup in North America must consider Internet law happenings across the pond. Currently, the new UK cookie law is the main regulation any new online venture should understand and incorporate into their platform. If not, you could face some very time-consuming European litigation, and possibly a hefty fine.

Legal Advice for Tech Startups Point #4: The Dot Com Disclosures

If you market on the Web, you must follow guidelines in the Dot Com Disclosure — the online marketing bible put out by the Federal Trade Commission. It covers everything from the proper use of testimonials to disclosure statements to allowable online marketing language. Get a copy, read it, know it — doing so will save you a lot of grief in the long run.

Legal Advice for Tech Startups Point #5: CYB and Invest In Proper Website Policies

Every type of startup business – whether it be a groupon-type platform, a crowdsourcing project, an app or a social network – has its own set of provisions that need to be touched upon in a site’s terms of service, privacy policy and disclaimer. While some template website policies are perfectly fine for your average run of the mill website, a legitimate startup could find themselves in some very deep legal hot water by using one. Besides, there are inexpensive legal services out there that custom draft terms, so you won’t have to pay a huge amount for the protection.

The Kelly / Warner Law Firm was established to cater to the needs of online businesses and Internet entrepreneurs. We know the industry and the regulations that govern it; we understand the difference between blackhat and whitehat; we spend our days lawyering and our evening devouring anything tech-related. If you’re a startup looking for legal counsel, contact us today. We’re confident you’ll be impressed with our efficiency…and Internet law geek quotient.

FTC Workshop Outcome May Impact Internet and Mobile Marketing

Mobile Marketing
The FTC loves to make up marketing rules — and now they’re thinking up a few more for mobile marketing.

At the end of May, the Federal Trade Commission held a workshop on the effectiveness of disclosures on mobile devices.” The goal was to better understand how marketers can provide clear use policies and advertisement labeling on mobile devices and social media platforms.

The FTC’s Mobile Marketing Concerns: Disclosure Policies, Small Screens and Social Media

Charged with ensuring an equitable marketplace, the Federal Trade Commission is the government body responsible for establishing and enforcing online marketing guidelines. Now that smartphones and social media are here to stay, the panel must come up with recommendations for the best way to incorporate advertising and promotional disclosures on cloud-based, networking platforms and mobile devices.

Enter Mobile Marketing: Small Screen Size = FTC Headache

Mobile phones and social media present a unique problem for the FTC. As stated, the commission’s primary concern is to make sure users are presented with the necessary information to make informed decisions about whether or not to purchase products and services, or participate in sweepstakes or promotions.

The “quick-click” nature of the Internet (i.e., Facebook likes) and the prevalence of small-screen devices, however, make it difficult to get those disclaimers and disclosures in front of peoples’ eyes. After all, who can read read a 3pt font?

But more and more, companies are using mobile marketing to promote their brands. Often, these promotions are coupled with give-a-ways. Just recently, Target stores gave away “beauty boxes” in exchange for “likes” on Facebook; Amazon.com once offered a $3 instant video credit to anyone who agreed to tweet a pre-written 140-character missive; in the Washington, DC-area, a Mattress Discounters offered folks who liked their Facebook page an opportunity to enter a drawing for a $100 gift certificate.

The Problem Mobile Marketing Promotions Present For The FTC

As you might imagine, online and mobile marketing incentives are a gray area for the FTC. On one hand, they must develop rules that guard against misleading and fraudulent marketing, while at the same time do their best to establish rules that include consumer notifications. But the FTC also must be careful that policies don’t thwart innovation and business development.

For example, at the workshop last month, a sticking point was whether or not the amount of Facebook “likes” a product or service has actually influences consumer decisions – and if they did, should it be considered fraudulent online advertising if it’s not clear that many of those likes were given in exchange for something else?

What the FTC Currently Requires Of Online Marketers

Today, all entities marketing their wares online or through mobile devices must abide by all the regulations laid out in the Dot Dom Disclosures. First enacted in 2000 (and updated several times since), the 83-page Dot Com Disclosures should be the bible of every online marketer.  It clarifies “unfair and deceptive” online and mobile marketing techniques.

Other regulations all companies and online advertisers must follow:

(1)    Paid Twitter advertisements should use the #paid hash tag;

(2)    Negative-option marketing must be done in a legal manner (and that standard is growing stricter every day);

(3)    If your app, platform, or website is frequented by underage users, stricter COPPA standards must be met.

If you’re launching a new platform or marketing campaign, it’s always best to consult with an online advertising lawyer before you unleash it to the world.

Users, Advertising & Making The Most Of The FTC’s Time

Harinder Mundi, a consumer from Woodbridge, NJ, participated in both the Target and Amazon offers mentioned above. When asked about her opinions on social media marketing, she admitted she finds it “irritating” when her Facebook news feed is cluttered with endorsements, even when they’re from friends — especially since, according to Mundi, “it is obvious that they are being paid.”

Mundi’s admission raises a provocative social marketing question: is online “socialtising” becoming as ubiquitous as banner advertising, and as such immediately recognizable without a disclosure? Couple that with our tendency not to read terms of service agreementsHUMANCENTiPad, be damned!

Of course the FTC will never declare terms of service agreement, advertising disclosures, or privacy policies “null and void” – but it may be time for the global commerce community to start developing universal icons that represent certain legal standards (like the stick figures that guide us to the proper bathroom, water closet or cuarto de baño no matter where in the world we may be).

Hey, if the FTC decides to tighten mobile disclosures, it could be a modern-day Renaissance for semioticians everywhere!

New FTC Rules For Kid App Developers

Federal Trade Commission Logo
Federal Trade Commission Announces New COPPA Focus. Target Kids Apps.

Buckle up app developers, The FTC is making moves. This time they have their sights set on kids’ apps.

Last week, the commission announced the results of study analyzing how apps in the Android Market and Apple App Store disclose data collection information.

The FTC wasn’t psyched about their findings; they’re now looking into enforcement measures for applications that don’t include an easily digestible data and privacy policy.

About The FTC Kid’s App Study

In the kid’s app study, the FTC looked at about 1000 of the top kid’s apps on both the Apple and Android online stores (500 each). The findings are detailed and can be found here.

The gist of the conclusion: in “most instances” kid’s apps didn’t have proper policies and features explaining what data was collected and how it would be used.

New COPPA Rules On The Way For Kids Apps

In the announcement, the FTC announced it was also working on amendments to the Children’s Online Privacy Protection Act (COPPA). Due to consumer pressure, and a changing technological landscape, provisions for mobile apps are expected to be added to the federal children’s online privacy bill soon.

Update: The FTC made the proposed COPPA changes for kids’ apps official at the end of December 2012.

FTC Heat Forcing New Apple and Android Developer Procedures

“Developers should provide simple disclosures that explain what information an app collects, how it will be used, and with whom it will be shared,” explained the FTC. Developers should also disclose if the app connects with social media or includes targeted ads.

Simple privacy policies and disclosures, which clearly delineate what type of information an app collects and how it will be used is the key to keeping the FTC off your back.

In other words, since COPPA is the current law of the land – and the FTC has the power to enforce COPPA standards and levy hefty fines – it would behoove all developers to get a privacy policy ASAP.

Currently, the Apple Marketplace doesn’t require developers to disclose whether or not they share information, but the company insists they reject programs that target children for data collection. Due to the new FTC focus on kids’ apps, Apple will now require applicants to divulge this information when submitting work for review.

The Android market does currently require developers to include descriptions of their data dealings as it relates to their apps — but expect them to also tighten their standards.

Industry Reactions To The Kid’s App Study & Statement

A representative from the Association for Competitive Technology – an app developer advocacy group – pointed out that many developers aren’t being malicious, but instead simply don’t know about the laws associated with selling mobile apps and various federal and state privacy statues. The rep also cautioned, “We also believe that while the overwhelming majority of children’s app makers are well-intentioned, if there are those who operate with malice outside the law, we fully endorse regulatory action by the FTC.”

The Center for Digital Democracy, in support of the FTC’s new rules said, “Both Google and Apple, the two leading mobile app companies, must do a much better job protecting children’s privacy.”

So what should you do if you’re a kids app developer? Consult with a technology lawyer and make sure your program is hooked up with the correct policies. An app lawyer will also walk you through the rules and advise on “how far you can go” without breaking the law.

Online Marketing Laws: What You Need To Know

Online Marketing Laws Introduction

More than ever, it is imperative that businesses tread the line between successful marketing campaigns and misuse of marketing techniques that may border or cross into illegality. The best defense is to establish standards of online marketing well within the realm of the law — and familiarization with current online marketing laws is the first step.

Online Marketing Laws: Terms of Use and Privacy Policy

If you don’t have them already, get yourself a privacy policy and terms of service contract for your website ASAP. More and more people are suing (and winning) for various Internet privacy issues.

The catch 22 is that when an entity collects data from consumers in the U.S., the standard is that the entity owns the data, or in more precise terms, “the right to store and utilize it.” Such a broad reaching generalization is the exact issue that got Google in legal trouble a while back. Despite the “green light” to enjoy the privilege of “data use and dissemination,” legal boundaries can be crossed — and the fuzzy realm of impropriety belies no protection if consumers choose to complain or sue.

To help ensure your business stays on the right side of online marketing laws, make sure you:

Have a Privacy Policy and Terms of Use contract on all your websites. Make the verbiage clear and ensure you adhere to your own stated regulations. Inclusions often overlooked include the use of cookies and data sharing that is “non-sales” or “sales” in nature. Provision of a link that leads to your Privacy Policy and Terms of Use which is clearly visible on your website is a wise choice as well.

– Opt to choose not to sell information. While the benefits of “information sharing” are tempting, selling information will often diminish consumer trust. Being able to state that you will never sell consumer information will put many of your users at ease. It’s also advisable to state that sensitive information will be stored under a non disclosure policy.

– If you work with other websites for your online marketing campaign, make sure to absolve yourself of fault with any issues related to your partners’ sites.

– Note that the web is worldwide. If you wish to obtain international consumers it is best to garner a safe harbor certification. Note that there are guidelines called Safe Harbor Principals that you will be bound to adhere to if want to market to EU clients. The EU has the Data Protection Directive, which your Terms of Use and Privacy Policy must comply with in order to garner Safe Harbor Certification.

Online Marketing Laws: Full Review and Affiliation Disclosure

If your online promotions will include consumer reviews or “mock reviews” in which the reviewer has been paid for their review content you must disclose that fact. As of 2009 the Federal Trade Commission revised its Guide concerning the use of Endorsements and Testimonials. Reviewing the guide is essential as it outlines the cases in which a businesses content may be deemed worthy of adverse legal action.

Not only are undisclosed paid testimonials and reviews frowned upon, including posts on review websites, undisclosed endorsements garnered by those in close relation to businesses are prohibited as well. Also, not telling users that you paid for a research study highlighted on your site, is also a big no-no.

Online Marketing Laws: CAN-SPAM — Controlling Online Marketing Laws:the Assault of Non-Solicited Pornography and Marketing Act

The Controlling the Assault of Non-Solicited Pornography and Marketing Act or the CAN-SPAM Act is the bible of commercial email etiquette. More than a mere set of “rules of thumb” these regulations must be strictly adhered to. The cost of CAN-SPAM violations can reach up to 16k per individual email violation. Therefore businesses need to ensure that each email sent on their companies behalf falls under submission to the regulations set in place.

– The “To”, From” and Subject lines in all emails must be clear and non-deceptive. Additionally the “Reply to” must be equally transparent.

– You must always provide a means of “opting out” of future communications. It is best to have a system in place that will remove consumers who opt out promptly.

– There must be a physical mailing address visible in the body of the email.

– Utilize a reliable ESP to prevent non-compliance issues.

Online Marketing Laws: Intellectual Property

Perhaps the most murky waters of online marketing fall under the umbrella of intellectual property. More than all other violations this one ensnares the most businesses. It is worth noting that even user generated violations of intellectual property can be viewed as violations. There are many arguments both plaintiffs and defendants can use in intellectual property lawsuits. Consultation with an attorney is advisable.

No doubt, while there are immense benefits to online marketing it pays to be diligent in avoiding unnecessary pitfalls. Making the most of your online marketing campaign can be done without detriment to your desired message. If you take the proper cautionary steps, your business can enjoy a lucrative online marketing campaign without worrying whether or not you’re on the right side of the law.

Note that the information within this article is just an informative guide. It is not an all-inclusive layout of all laws and responsible practices. For a complete understanding of the laws that may pertain to your specific online marketing campaign and advice on if your proposed approaches will be in compliance with the law always consult an attorney.

Hormones Should Play A Role In Lawmaking, Say Advocates

COPPA teenagers
A group of parents and doctors sent a letter to the president saying they want lawmakers to consider hormones when considering COPPA teenager rules.

The Children’s Online Privacy Protection Act, or COPPA, safeguards kids under the age of 13. But now, a group of medical and consumer advocacy groups are urging officials to enact laws that further protect the personally identifiable data of adolescents aged 13 to 18.

Advocates Want Politicians To Think About Teenagers’ Hormones When Crafting COPPA Rules

Representatives from the American Academy of Pediatrics, Center for Digital Democracy, Center for Science in the Public Interest and the Consumer Federation of America all added their John Hancocks to a letter urging Feds to push for more teen-focused protective online privacy laws.

The letter calls primarily for three things:

  • Adherence to Fair Information Practice Principals when marketing to teenagers
  • A teenage-friendly privacy policy (whatever that means.)
  • Clearly distinguishable methods to opt-in and out of various data collection programs

Why are people pushing for stricter teenage-centric, online privacy laws? Simply put: hormones.

Teenagers “experience greater emotional volatility than younger children and adults. As such, they’re more susceptible to digital marketing,” the letter explained. In other words (and I’m paraphrasing here), “middle school and high-school aged individuals are notoriously bad decision makers, governed by animalistic urges and a seemingly insatiable desire to experiment; we should be careful with how their data is used and collected during this life stage.”

Other Online Privacy Bills Are Making Their Way Round Capitol Hill

This push comes in the wake of several Capitol Hill online privacy bill proposals. While most of the acts in review don’t specifically make mention of teenagers, the Do Not Track Kids Act does. Co-sponsored by Ed Markey (D-MA) and Joe Barton (R-TX), the Do Not Track Kids ACT calls for a ban on all behavioral marketing of citizens 18-years-old and younger.

(A cursory analysis of how an 18-and-younger marketing ban will work, however, is somewhat perplexing. After all, if the statues calls for a ceasing of behavioral targeting on people of a certain age, how do they intend to pinpoint users’ ages if they want to ban all teenage-focused cookie tracking? But that’s another technical puzzle for another day.)

Get In Touch With A COPPA Lawyer

If you run a website that deals with kid-related products or issues, it’s important to make sure you’re in compliance with COPPA regulations. If you don’t, you could be staring down the barrel of an FTC lawsuit. Moreover, elected officials are eager to pass statues like the one described above – better to get your ducks in a row now than wait till the last minute.

The Kelly Law Firm can help. And guess what, it costs a lot less than you probably think; after all, lawyers who are tech geeks at heart understand the mindset and revenue limitations of online entrepreneurs.

Legal Disclaimer | Privacy Policy | Terms of Service
© 2017 Kelly Warner Law PLLC. All Rights Reserved.
800: 1-866-570-8585
Office: 480-588-0449