Mobile app developer 24x7digital LLC, along with two of its officers, settled alleged violations of the Children’s Online Privacy Protection Act (“COPPA”) and the FTC’s COPPA Rule. In its lawsuit, New Jersey stated that 24x7digital’s “Teach Me Apps” encouraged preschoolers, kindergartners, and first- and second-graders to create player profiles, which included a child’s first and last name and a picture of the child. The apps allegedly transmitted the children’s first and last name and the unique device identification number associated with the app user’s mobile device to Flurry Inc., a third-party data analytics company. 24x7digital took these actions, according to the suit, without first obtaining parental consent as required by the COPPA Rule and without notice on 24x7digital’s website or apps. Under the terms of the settlement, 24x7digital agreed: (1) to stop collecting, using, and disclosing children’s personal information without first obtaining verifiable parental consent; (2) to provide direct notice to parents as well as its website or mobile apps of the type of information they collect from children, how they use such information, and whether they disclose it to third parties; and (3) to destroy within five days all personal information, including metadata, which it had collected or transmitted in violation of COPPA.
TIP: Companies should keep in mind that states, as well as the FTC, can bring actions for COPPA violations. With increased scrutiny over children’s use of mobile apps, we may see more cases similar to this one, whether from New Jersey or other states. Companies that develop apps for children should remember to follow COPPA requirements, including obtaining prior parental consent before collecting personally identifiable information from children under 13 (or should ensure that they are collecting the information under a clear exception to the law).