When the California legislature passed the California Age-Appropriate Design Code Act (CAADCA or Act) AB 2273 in September of this year, it generated considerable controversy. Companies, trade associations, and even some non-governmental organizations questioned whether the law’s broad reach was not just counterproductive and likely to invade consumer privacy, but preempted by federal law and
COPPA
FTC Submits COPPA Report to Congress, Extends Comment Deadline for October “Stealth Advertising” Workshop

On August 24, 2022, the Federal Trade Commission (FTC or Commission) submitted a report to the Congressional Committees on Appropriations detailing current resources and personnel dedicated to COPPA enforcement, the number of COPPA violation investigations over the past five years, and the types of relief obtained in completed investigations. The report was submitted in response…
WW International to Pay $1.5 Million Civil Penalty for Alleged COPPA Violations


In 2014, with childhood obesity on the rise in the United States, tech company Kurbo, Ltd. (Kurbo) marketed a free app for kids that, according to the company, was “designed to help kids and teens ages 8-17 reach a healthier weight.” When WW International (WW) (formerly Weight Watchers) acquired Kurbo in 2018, the app was…
Major COPPA Settlements Close Out 2021


Two important settlements involving alleged violations of the Children’s Online Privacy Protection Act (COPPA) were announced in December 2021. Actions by both federal and state regulators reinforce that COPPA remains on the regulatory radar screen, particularly when it comes to ad tech. Efforts to more broadly limit programmatic advertising are also underway.
FTC and OpenX…
Could COPPA Safe Harbor Changes Be in Store?


The Federal Trade Commission (FTC) took the unprecedented step of removing one of the approved Safe Harbor organizations under the Children’s Online Privacy Protection Act (COPPA) for failing to provide effective monitoring and assessment of its member companies’ websites, as required under the COPPA Rule. Earlier this year, Commission staff warned Aristotle International, Inc., whose…
Virginia Becomes Second State to Pass Comprehensive Privacy Law


As Congress remains locked in a stalemate over the terms of a comprehensive federal privacy law, states continue to forge ahead. Following California, Virginia is the second U.S. state to enact its own comprehensive privacy law governing the collection and use of personal data. Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA)…
Washington State AG Settles with Online Platform Over Alleged COPPA Violations


Protecting the online privacy of children by enforcing the Children’s Online Privacy Protection Act (COPPA) continues to be of paramount importance to federal and state regulators. In addition to the Federal Trade Commission (FTC), several state attorneys general (AGs) have brought COPPA actions recently, including the New Mexico and California AGs, and, most notably, the…
FTC COPPA Settlement with App Developer Highlights Penalty Policy Considerations


A recent Federal Trade Commission (FTC) settlement with an online game company that allegedly tracked children illegally highlights some important questions, namely, how should the FTC assess the penalties it imposes for privacy violations, and what is the most effective way to both deter and punish companies for such violations?
The complaint in question was…
FTC Settles with Digital Game Company Over Allegedly False COPPA Safe Harbor Claims


One of the first formal privacy safe harbor programs was created under the Children’s Online Privacy Protection Act (COPPA). Put simply, businesses are deemed in compliance with COPPA if they belong to an FTC-approved COPPA safe harbor program and follow the safe harbor program’s guidelines. But the FTC takes seriously any false claim about participation…
UK ICO Finalizes Rules for Children’s Content


The UK Information Commissioner’s Office (ICO) recently finalized its Age-appropriate design: a code of practice for online services (the code). The code applies to any “relevant information society services which are likely to be accessed by children” (by which the ICO means minors under age 18), whether designed for kids or general audiences. The new…