With more and more children becoming technologically savvy, parents are having to rely more heavily on laws such as the Children’s Online Privacy Protection Act (“COPPA”) to shield their children’s information. The FTC recently issued a warning letter to a Ukraine-based company, Wildec LLC (“Wildec”), for allowing children under the age of thirteen to access its dating apps—alleging a potential violation of COPPA and the FTC Act.

A little background on COPPA: the FTC’s COPPA Rule prohibits companies from collecting, using, or sharing personal information from a child, which is defined as an individual under the age of thirteen, without the parent’s verifiable consent. In addition, companies must also provide a notice on its website stating what information is collected as well as any disclosure practices for such information.

Wildec’s dating apps collected an array of information from its users, such as email addresses, photographs, dates of birth, as well as a user’s real-time location data. Although the app’s privacy policy prohibited users under the age of thirteen, the FTC staff found that users who indicated they were under thirteen were not prevented from accessing and using the apps, and staff were able to locate individuals that indicated they were as young as twelve. In addition, the FTC noted in its warning letter that “facilitating other users’—including adults’—ability to identify and communicate with children—even those 13 or over—poses a significant risk to children’s health and safety.” Following the allegations, the apps were swiftly removed from Google Play and Apple’s App Store.Continue Reading FTC Warns Ukraine Company: You Can’t Let Kids Use Your Dating Apps

The Commissioners of the FTC agreed, during an oversight hearing on November 27, 2018, to investigate the use of “loot boxes” in video games. Senator Hassan (D-NH), following up on questions she asked the newly appointed Commissioners during their confirmation hearings, specifically requested the FTC investigate loot boxes citing addiction concerns, (especially as it relates to children) and the resemblance of loot boxes in video games to gambling.

A loot box is a digital container of virtual goods that a user can purchase in-game using real-world currency. A user does not know what is in the loot box before purchasing. The loot box may contain digital goods (such as character skins, tools, weapons, etc.) that the user can use in the game. Importantly, the user cannot choose the contents of the loot box. The box could contain an extremely rare/sought-after item or the contents could be a collection of items already owned by the user (or somewhere in between).Continue Reading The FTC is Searching for the Value in Loot

A few years ago, tech companies were confronted with a common complaint from parents: their children were inadvertently spending lots of money on in-app purchases while using children’s apps. Although this led to the implementation of expanded parental control settings, children’s app developers stayed the course. Last month, however, three senators asked the FTC to

It has taken a while, but the FCC has finally realized that the Children’s Television Act (CTA or “Kidvid” as it is called in the industry) is more than somewhat out of date: The media world is not what it was when the CTA was passed by Congress 28 years ago. According to the FCC, among the other changes brought on by the advent of the Digital Age, children are engaging in less “appointment viewing” and in more on-demand, online and other non-broadcast content consumption. The FCC has concluded that the expansion of viewing outlets and the changes in children’s educational and entertainment options warrant a reexamination of some of its rules implementing the CTA. It has issued a Notice of Proposed Rulemaking (“NPRM”), has received comments and can be expected to act on the proposed changes in the next several months.

The NPRM advances several “tentative conclusions” related to the content that broadcasters may count toward satisfying the “Core Programming” requirement. Essentially, the FCC has defined Core Programming as programming that targets children under 13 as the intended audience. The definition will not be changed but the FCC has proposed eliminating several of the Core Programming criteria, specifically, the requirements that Core Programming be (1) at least 30 minutes in length; (2) regularly scheduled; and (3) identified as Core Programming within the content using the designation “E/I,” which stands for “Educational and Informational.” The NPRM is also seeking comments on whether to maintain or eliminate several other Core Programming and reporting requirements, including that (A) Core Programming be broadcast between 7:00 a.m. and 10:00 p.m.; (B) that broadcasters notify program guide publishers about Core Programming; and (C) that broadcasters file quarterly compliance reports with the FCC. Moving forward with the proposed reduction in paperwork associated with the CTA Rules should be a no-brainer; whether the prescriptive scheduling requirement will be changed is harder to predict.Continue Reading Big Bird Goes Digital: The FCC Undertakes to Modernize Children’s Television

boy drinking from water bottleGatorade recently learned two timeless lessons the hard way from the State of California.  First, never mess with water.  Second, advertising claims are everywhere, including in what some might consider to be just fun and games.  In exchange for these lessons, Gatorade paid the State of California $300,000 and agreed to injunctive relief.

So what attracted California’s attention?  Gatorade in conjunction with Usain Bolt created a cellphone game called “Bolt” in which players help Bolt pick up coins.  Touching a Gatorade icon made Bolt run faster, while touching a water droplet slowed the world’s fastest human down (and decreased the “fuel meter”).  In case the point was too subtle, the game’s tutorial also instructed users to “keep your performance level high by avoiding water.”  California alleged that the game was downloaded 2.3 million times.Continue Reading California to Gatorade – Don’t Mess with Water

kids and laptopsFor some time now the Children’s Advertising Review Unit (CARU) has been guided by the able hands of Acting Director Phyllis Spaeth. The Council of Better Business Bureaus (BBB) which oversees both CARU and NAD just announced the conclusion of their search for a new permanent director — Dona Fraser. Phyllis returns to her previous

little girl and laptopOn June 21, 2017, the Federal Trade Commission (FTC) updated one of its Children’s Online Privacy Protection Act (COPPA) compliance guides for businesses. Known as the “Six-Step Compliance Plan,” this document provides a step-by-step road map for determining if a company is covered by COPPA and what to do to comply.

COPPA applies to operators of websites and online services that collect “personal information” from children under 13 years of age, where the site or service is directed to children or has actual knowledge that it is collecting personal information from a child. COPPA’s coverage extends to a variety of online services, such as mobile apps, internet-enabled gaming platforms, and – in some cases – companies that collect personal information directly from users of another website or online service (such as ad networks and plug-ins).Continue Reading FTC Updates COPPA Guidance for IoT and New Consent Options

Our friend Elaine Kolish, Director of the Children’s Food and Beverage Advertising Initiative is stepping down shortly after a remarkable ten year run. So we thought this was a great opportunity to sit down with Elaine and look back over her accomplishments, what might be coming next for the organization, and lessons that companies in

Last week, in settlements with two app developers, the Federal Trade Commission (“FTC”) announced its first enforcement actions under the Children’s Online Privacy Protection Rule (“COPPA Rule”) amendments on persistent identifiers.  Persistent identifiers are data that can be used to recognize a user over time and across different websites or online services.  In 2012, we blogged about the FTC’s update to the COPPA Rule, which added persistent identifiers to the definition of “personal information.”  Although some exceptions apply, the FTC made clear that persistent identifiers cannot be used for targeted (behavioral) advertising on child-directed sites or services, absent parental notice and consent.  
Continue Reading No Cop Out in COPPA: The FTC’s First Enforcement Actions on Persistent Identifiers

The Advertising Self-Regulatory Council operates several self-regulatory programs including CARU, NAD and ERSP.  Traditionally these have been thought of as distinct programs – CARU regulates marketing to children, ERSP regulates companies that market and sell their products electronically while NAD oversees most traditional national advertisers.  While this compartmentalization is largely true, there is some overlap between ERSP and NAD as well as some differences in their procedures that could lead clients to think strategically about which venue to select for a self-regulatory challenge.

While ERSP’s jurisdiction extends to “electronic retailers,” many traditional advertisers either provide an opportunity to purchase their products online or offer consumers information on their website about locations where specific products can be purchased.  In either case, the company would fall within ERSP’s definition of an “electronic retailer.”  At the same time NAD has jurisdiction over any “national advertising” meaning that there can be not inconsiderable overlap between the two entities. 
Continue Reading Broadening Your Self-Regulatory Options – 2 Sheriffs in Town