Photo of Sheila A. MillarPhoto of Tracy P. Marshall

When the California legislature passed the California Age-Appropriate Design Code Act (CAADCA or Act) AB 2273 in September of this year, it generated considerable controversy. Companies, trade associations, and even some non-governmental organizations questioned whether the law’s broad reach was not just counterproductive and likely to invade consumer privacy, but preempted by federal law and

Photo of Sheila A. Millar

On August 24, 2022, the Federal Trade Commission (FTC or Commission) submitted a report to the Congressional Committees on Appropriations detailing current resources and personnel dedicated to COPPA enforcement, the number of COPPA violation investigations over the past five years, and the types of relief obtained in completed investigations. The report was submitted in response

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

Two important settlements involving alleged violations of the Children’s Online Privacy Protection Act (COPPA) were announced in December 2021. Actions by both federal and state regulators reinforce that COPPA remains on the regulatory radar screen, particularly when it comes to ad tech. Efforts to more broadly limit programmatic advertising are also underway.

FTC and OpenX

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

The Federal Trade Commission (FTC) took the unprecedented step of removing one of the approved Safe Harbor organizations under the Children’s Online Privacy Protection Act (COPPA) for failing to provide effective monitoring and assessment of its member companies’ websites, as required under the COPPA Rule. Earlier this year, Commission staff warned Aristotle International, Inc., whose

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

As Congress remains locked in a stalemate over the terms of a comprehensive federal privacy law, states continue to forge ahead. Following California, Virginia is the second U.S. state to enact its own comprehensive privacy law governing the collection and use of personal data. Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA)

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

Protecting the online privacy of children by enforcing the Children’s Online Privacy Protection Act (COPPA) continues to be of paramount importance to federal and state regulators. In addition to the Federal Trade Commission (FTC), several state attorneys general (AGs) have brought COPPA actions recently, including the New Mexico and California AGs, and, most notably, the

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

A recent Federal Trade Commission (FTC) settlement with an online game company that allegedly tracked children illegally highlights some important questions, namely, how should the FTC assess the penalties it imposes for privacy violations, and what is the most effective way to both deter and punish companies for such violations?

The complaint in question was

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

One of the first formal privacy safe harbor programs was created under the Children’s Online Privacy Protection Act (COPPA). Put simply, businesses are deemed in compliance with COPPA if they belong to an FTC-approved COPPA safe harbor program and follow the safe harbor program’s guidelines. But the FTC takes seriously any false claim about participation

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

The UK Information Commissioner’s Office (ICO) recently finalized its Age-appropriate design: a code of practice for online services (the code). The code applies to any “relevant information society services which are likely to be accessed by children” (by which the ICO means minors under age 18), whether designed for kids or general audiences. The new