On July 1, the FTC announced a settlement with the operators of a coloring book app (collectively, “defendants”) for allegedly engaging in unfair or deceptive acts or practices and violating the Children’s Online Privacy Protection Act Rule (COPPA). The DOJ, on behalf of the FTC, filed a complaint claiming that the defendants, among other things, violated COPPA by collecting and disclosing personal information about children who utilized the app without notifying their parents and obtaining their consent. The FTC claimed that some children, including those under 13, were able to register for accounts and use the app’s social media features. The defendants allegedly received numerous complaints that children were using the app’s social media features, such as posting “selfies” on the app’s “gallery” for public viewing and interacting with other users, including adults. Under the terms of the proposed stipulated final order, the defendants must complete several steps to remedy the alleged violations, including deleting all personal information collected from children under the age of 13 within 60 days, unless parental consent is obtained. The defendants must also offer current paid subscribers a refund if they were under the age of 18 when they registered for the app. In addition, the defendants agreed to notify users about the alleged COPPA violations and the steps that users can take in response to the settlement. The proposed order provides for a $3 million civil money penalty that is suspended upon payment of $100,000 due to the defendants’ inability to pay the full amount. If the defendants sell the app within a year following the order, they are required to remit the net proceeds from the sale to the FTC after debts and other related expenses are paid.
- Checklist Checklist: Making an international transfer of personal data under the GDPR (EU) Recently updated
- How-to guide How-to guide: How to comply with data processing principles under the GDPR (EU) Recently updated
- How-to guide How-to guide: How to transfer personal data lawfully outside the European Economic Area (EU) Recently updated