The Children’s Online Privacy Protection Act (COPPA) has been on the books for years and is enforced by the Federal Trade Commission (FTC). COPPA basically prohibits companies from collecting personal information from children under the age of 13 without parental consent. The FTC has an impressive record of enforcement actions under COPPA and compliance with COPPA is an important part of a company’s compliance program, as applicable.
Many companies are unaware that there are also state laws applicable to the collection of children’s personal information, so consideration of compliance with those laws is important as well.
This week, Washington’s Attorney General Bob Ferguson (AG) announced that his office has settled an enforcement action against tech companies Super Basic LLC and its parent Maple Media LLC, which developed the “We Heart It” app, for $100,000 to end allegations that the companies unlawfully collected children’s data without parental consent.
In addition to the monetary penalty, the companies have agreed to pay $400,000 if they fail to comply with COPPA and the consent decree entered into between the parties.
The decree requires that companies use an “age gate” to prevent children under 13 from opening accounts; obtain parental consent before collecting data from children under 13; give notice directly to adults of children’s online data practices;audit user accounts to track whether accounts are being opened by children; and delete any accounts that belong to children under the age of 13.
The consent decree is similar to those handed out by the FTC, and also serves as a reminder that both the FTC and State AGs are focused on the protection of the collection of children’s personal information and are stepping up enforcement in this area.
It also reminds parents to continue to monitor their children’s online behavior. These state and federal children’s privacy laws are for the protection of children, which is, and should be, a public-private partnership between agencies and parents.