Mobile App Operators Must Be Mindful of Children’s Privacy Issues
As part of an increase in regulatory focus on data collection, usage and disclosure practices in the mobile app industry, especially with respect to minors, the Federal Trade Commission (FTC) brought charges against two mobile app operators,LAI Systems, LLC and Retro Dreamer, alleging violations of the recently amended Children’s Online Privacy Protection Act (COPPA). LAI Systems and Retro Dreamer eventually agreed to the terms of a settlement that required them to pay $360,000 in fines, combined.
The FTC’s complaint against LAI Systems and Retro Dreamer is consistent with recent regulatory prioritization of children’s privacy in the digital/mobile space, including recent COPPA amendments, further guidance on those amendments and commensurate state action regarding children’s privacy. In connection with the LAI Systems/Retro Dreamer actions, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, stated, “These cases make it clear that we’re closely watching this space to ensure children’s privacy online is being protected.”
When Do Mobile App Operators Need to be Mindful of COPPA?
Mobile Apps and COPPA
Generally speaking, COPPA establishes a series of rules that apply when a website or mobile app operator knowingly collects personal information from individuals under thirteen (13) years of age. Such rules include provisions governing the type of parental consent required, the permitted uses of such personal information and the opt-outs and other choices that must be granted to consumers in connection therewith.
In addition, even if a mobile app operator is not knowingly collecting information from users under thirteen (13) years of age, that operator may need to comply with various COPPA provisions if the mobile app content itself is likely to attract minors. Central to the LAI Systems and Retro Dreamer complaints, the FTC alleged that each company offers/operates mobile apps that are geared toward children, thus subjecting them to COPPA.
In particular, the FTC alleged that each company utilized “persistent identifiers” to serve advertising to children, representing a form of data collection that is regulated by the newly amended COPPA. From the FTC’s press release discussing these cases: “Persistent identifiers – pieces of data that are tied to a particular user or device – were among the categories added to the COPPA Rule’s definition of personal information when it was updated in 2013.”
Make Certain that Your Mobile App Privacy Practices Are Legally Compliant
Given the increased regulatory scrutiny, and expanded scope of COPPA, it is extremely important that website and mobile app operators determine if their offerings are subject to COPPA and, if so, how to ensure that their data collection and use practices are compliant with applicable state and federal law, not just COPPA. As such, it is highly recommended that you retain qualified legal counsel to ensure that your mobile app and/or website offerings, and associated privacy practices and policies, comply with the evolving regulatory landscape.