Earlier this month, the FTC approved a settlement with a developer of popular apps for purported violations of the Children’s Online Privacy Protection Act (COPPA).  The Commissioners voted 4-1 to authorize the Department of Justice to file the complaint and the stipulated final order resolving the matter.  Under the stipulated final order, the company was ordered to pay a $4 million civil penalty (although all but $150,000 of it was suspended for inability to pay).  The lone dissent came from Commissioner Noah Phillips who issued a dissenting statement criticizing the “recent push to heighten financial penalties . . . without clear direction other than to maximize the amount in every case.”

Commissioner Phillips made the case, as he has before, that harm should be the starting point when fashioning a penalty.  Steeped in economic theory, he argued that “basing penalties on harm forces defendants to internalize the costs their behavior imposes on others, orienting conduct in a socially beneficial fashion.”  Chairman Simons also issued a statement, contending that starting with harm is “inapposite” when Congress explicitly prohibits practices and directs the agency to impose penalties.


Continue Reading Two Conservative, But Very Different, Approaches to Calculating Civil Penalties: Harm vs. Deterrence

The Federal Trade Commission held a workshop yesterday in Washington, D.C., to discuss possible updates to the COPPA Rule, which implements the Children’s Online Privacy Protection Act (“COPPA”). COPPA was originally enacted in 1998 and regulates the way entities collect data and personal information online from children under the age of 13. The Rule hasn’t been updated since 2013, and the intervening years have produced seismic technological advances and changes in business practices, including changes to platforms and apps hosting third-party content and marketing targeting kids, the growth of smart technology and the “Internet of Things,” educational technology, and more.

For the most part, FTC staff moderators didn’t tip their hand as to what we can expect to see in a proposed Rule revision. (One staff member was the exception, whose rapid-fire questions offered numerous counterpoints to industry positions, so much so that the audience would be forgiven for thinking they were momentarily watching oral argument at the Supreme Court.) Brief remarks from Commissioners Wilson and Phillips staked out their positions more clearly, but their individual views were so different that they too offered little assistance in predicting what a revised Rule may look like. Commissioner Wilson opened the workshop by sharing her own experience as a parent trying to navigate and supervise the games, apps and toys played by her children, and emphasized the need for regulation to keep up with the pace of technology to continue protecting children online. Commissioner Phillips also referred to his children at one point, but his remarks warned against regulation for regulation’s sake, flagged the chilling effect on content creation and diversity when businesses are saddled with greater compliance costs, and advocated a risk-based approach.


Continue Reading FTC’s COPPA Rule Workshop: A Summary of Priorities from Advocates and Industry, and the FTC’s Poker Face

Many in the industry are familiar with the following scenario. A young gamer, grinding tirelessly for untold hours perfecting her skill, honing her strategy, finally qualifies for an esports tournament. For that gamer, the true hard work begins after qualification. She now has to try to convince her parents to agree to let her participate, which may include travel (though compensated) to a far off location. In many cases, the first time the parents become aware that their child even entered a tournament (much less won an all-expense paid trip to an esports tournament) is this conversation—after the child has already been offered compensation to travel to and compete in the tournament.

If you are a game publisher, tournament organizer, or otherwise involved in the logistical chain of events described herein, there may be a big problem. The collection and use of data provided by children is regulated in the United States by the Children’s Online Privacy Protection Act (“COPPA”). COPPA is designed to protect the privacy of children by establishing certain requirements for websites that market to children. Most notably, COPPA requires website operators to obtain “verifiable parental consent” before collecting personal information from children. The FTC operates under the assumption that if children are the target demographic for a website, the website must assume that the person accessing the website is a child, and proper consent must be obtained. This assumption exists even if the website did not start with children as the target audience.


Continue Reading Update Required for Youth Esports

The National Advertising Division Annual Conference kicked off with Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection, as the keynote speaker. Near the close of his remarks, Director Smith announced that the FTC will hold a workshop on the Children’s Online Privacy Protection Act (“COPPA”). For a refresher, COPPA is designed to protect the privacy of children by establishing certain requirements for websites that market to children. The FTC operates under the assumption that if children are the target demographic for a website, the website must assume that the person accessing the website is a child, and proper consent must be obtained. This assumption exists even if the website did not start with children as the target audience.

To illustrate this point, Director Smith discussed TikTok, a social media app that allows users to create and share short-form videos, which purchased Musical.ly, an app that allowed its users to post videos of themselves lip synching to songs. Musical.ly originally marketed to adults. However, as the website grew in popularity, it became clear that children used the website and that Musical.ly knew that children used the website. On February 27, 2019, the FTC brought a Complaint against Musical.ly alleging that Musical.ly collected information about children, but did not obtain the required parental consent to collect that information. In fact, child predators began using the website to obtain the location of children, though luckily, no child was hurt. As a result, TikTok agreed to pay $5.7 million to settle the FTC allegations.


Continue Reading A Morning Cup of COPPA From the NAD Annual Conference

With more and more children becoming technologically savvy, parents are having to rely more heavily on laws such as the Children’s Online Privacy Protection Act (“COPPA”) to shield their children’s information. The FTC recently issued a warning letter to a Ukraine-based company, Wildec LLC (“Wildec”), for allowing children under the age of thirteen to access its dating apps—alleging a potential violation of COPPA and the FTC Act.

A little background on COPPA: the FTC’s COPPA Rule prohibits companies from collecting, using, or sharing personal information from a child, which is defined as an individual under the age of thirteen, without the parent’s verifiable consent. In addition, companies must also provide a notice on its website stating what information is collected as well as any disclosure practices for such information.

Wildec’s dating apps collected an array of information from its users, such as email addresses, photographs, dates of birth, as well as a user’s real-time location data. Although the app’s privacy policy prohibited users under the age of thirteen, the FTC staff found that users who indicated they were under thirteen were not prevented from accessing and using the apps, and staff were able to locate individuals that indicated they were as young as twelve. In addition, the FTC noted in its warning letter that “facilitating other users’—including adults’—ability to identify and communicate with children—even those 13 or over—poses a significant risk to children’s health and safety.” Following the allegations, the apps were swiftly removed from Google Play and Apple’s App Store.


Continue Reading FTC Warns Ukraine Company: You Can’t Let Kids Use Your Dating Apps

The Commissioners of the FTC agreed, during an oversight hearing on November 27, 2018, to investigate the use of “loot boxes” in video games. Senator Hassan (D-NH), following up on questions she asked the newly appointed Commissioners during their confirmation hearings, specifically requested the FTC investigate loot boxes citing addiction concerns, (especially as it relates to children) and the resemblance of loot boxes in video games to gambling.

A loot box is a digital container of virtual goods that a user can purchase in-game using real-world currency. A user does not know what is in the loot box before purchasing. The loot box may contain digital goods (such as character skins, tools, weapons, etc.) that the user can use in the game. Importantly, the user cannot choose the contents of the loot box. The box could contain an extremely rare/sought-after item or the contents could be a collection of items already owned by the user (or somewhere in between).


Continue Reading The FTC is Searching for the Value in Loot

A few years ago, tech companies were confronted with a common complaint from parents: their children were inadvertently spending lots of money on in-app purchases while using children’s apps. Although this led to the implementation of expanded parental control settings, children’s app developers stayed the course. Last month, however, three senators asked the FTC to

It has taken a while, but the FCC has finally realized that the Children’s Television Act (CTA or “Kidvid” as it is called in the industry) is more than somewhat out of date: The media world is not what it was when the CTA was passed by Congress 28 years ago. According to the FCC, among the other changes brought on by the advent of the Digital Age, children are engaging in less “appointment viewing” and in more on-demand, online and other non-broadcast content consumption. The FCC has concluded that the expansion of viewing outlets and the changes in children’s educational and entertainment options warrant a reexamination of some of its rules implementing the CTA. It has issued a Notice of Proposed Rulemaking (“NPRM”), has received comments and can be expected to act on the proposed changes in the next several months.

The NPRM advances several “tentative conclusions” related to the content that broadcasters may count toward satisfying the “Core Programming” requirement. Essentially, the FCC has defined Core Programming as programming that targets children under 13 as the intended audience. The definition will not be changed but the FCC has proposed eliminating several of the Core Programming criteria, specifically, the requirements that Core Programming be (1) at least 30 minutes in length; (2) regularly scheduled; and (3) identified as Core Programming within the content using the designation “E/I,” which stands for “Educational and Informational.” The NPRM is also seeking comments on whether to maintain or eliminate several other Core Programming and reporting requirements, including that (A) Core Programming be broadcast between 7:00 a.m. and 10:00 p.m.; (B) that broadcasters notify program guide publishers about Core Programming; and (C) that broadcasters file quarterly compliance reports with the FCC. Moving forward with the proposed reduction in paperwork associated with the CTA Rules should be a no-brainer; whether the prescriptive scheduling requirement will be changed is harder to predict.


Continue Reading Big Bird Goes Digital: The FCC Undertakes to Modernize Children’s Television

boy drinking from water bottleGatorade recently learned two timeless lessons the hard way from the State of California.  First, never mess with water.  Second, advertising claims are everywhere, including in what some might consider to be just fun and games.  In exchange for these lessons, Gatorade paid the State of California $300,000 and agreed to injunctive relief.

So what attracted California’s attention?  Gatorade in conjunction with Usain Bolt created a cellphone game called “Bolt” in which players help Bolt pick up coins.  Touching a Gatorade icon made Bolt run faster, while touching a water droplet slowed the world’s fastest human down (and decreased the “fuel meter”).  In case the point was too subtle, the game’s tutorial also instructed users to “keep your performance level high by avoiding water.”  California alleged that the game was downloaded 2.3 million times.


Continue Reading California to Gatorade – Don’t Mess with Water

kids and laptopsFor some time now the Children’s Advertising Review Unit (CARU) has been guided by the able hands of Acting Director Phyllis Spaeth. The Council of Better Business Bureaus (BBB) which oversees both CARU and NAD just announced the conclusion of their search for a new permanent director — Dona Fraser. Phyllis returns to her previous