COPPA

Subscribe to COPPA

New York is now one of the 43 states where “revenge porn,” the posting of explicit photographs or videos to the Internet without the subject’s consent, is punishable by law. See how far the states have come – find out how many had criminalized revenge porn as of 2014, when Socially Aware first covered the issue.

YouTube announced that it will not allow channels that promote anti-vaccination videos to run advertisements because such videos violate the platform’s policy, which, among other things, disallows the monetization of “dangerous content.” Many of the companies whose ads appeared alongside anti-vaccination content say they were not aware it was happening. Find out how that could be possible.

Senator John Kennedy (R-LA) has introduced a bill that would give Internet users considerably more control over their personal data by mandating that social media companies inform registrants—in simple, easy-to-understand terms—that they are entering into an agreement licensing their personal data to the company. Coined the Own Your Own Data Act, the legislation would also require social media platforms to make it easy for their registrants to cancel the licensing agreement and obtain the collected data and any analysis of it.

Another privacy bill, this one proposed by Senators Ed Markey (D-MA) and Josh Hawley (R-MO), would amend the Children’s Online Privacy Protection Act (COPPA) to completely prohibit the running of targeted advertisements on websites targeted to children. Find out how else the bill would amend COPPA, and how long companies would have to comply with the amendment if it became law.

The debate over whether politicians have a right to block people on social media rages on.

The United States isn’t the only country whose president favors social media as a vehicle for sharing his views.

A #TwitterLaw symposium is being held at the University of Idaho College of Law next month. Road trip, anyone?

Even the British Royal Family has to contend with social media trolls.

The cost for violating the Children’s Online Privacy Protection Act (COPPA) has been steadily rising, and companies subject to the law should take heed. Last week, the Federal Trade Commission (FTC) announced a record-setting $5.7 million settlement with the mobile app company Musical.ly for a myriad of COPPA violations, exceeding even the December 2018 $4.95 million COPPA settlement by the New York Attorney General. Notably, two Commissioners issued a statement accompanying the settlement, arguing that the FTC should prioritize holding executives personally responsible for their roles in deliberate violations of the law in the future.

COPPA is intended to ensure parents are informed about, and can control, the online collection of personal information (PI) from their children under age thirteen. Musical.ly (now operating as “TikTok”) is a popular social media application that allows users to create and share lip-sync videos to popular songs. The FTC cited the Shanghai-based company for numerous violations of COPPA, including failure to obtain parental consent and failure to properly delete children’s PI upon a parent’s request.

Continue Reading Thank You, Next Enforcement: Music Video App Violates COPPA, Will Pay $5.7 Million

Most companies are familiar with the Children’s Online Privacy Protection Act (COPPA) and its requirement to obtain parental consent before collecting personal information online from children under 13.  Yet COPPA also includes an information deletion requirement of which companies may be unaware.  On May 31, 2018, the Federal Trade Commission (FTC) published a blog post addressing this requirement, clarifying (i) when children’s personal information must be deleted and (ii) how the requirement applies, as well as (iii) recommending that covered companies review their information retention policies to ensure they are in compliance.

(i) COPPA’s information deletion requirement.  The FTC clarifies that, under Section 312.10 of COPPA, companies may retain children’s personal information “for only as long as is reasonably necessary to fulfill the purpose for which the information was collected.”  After that, a company must use reasonable measures to ensure such personal information is securely destroyed.

(ii) Application of the deletion requirement to children’s outdated subscription information.  In its post, the FTC applies the deletion requirement to the example of a subscription-based app directed to children under 13.  If the subscription period ends, and a parent decides not to renew the service, can the company keep the child’s personal information?  The answer, the FTC confirms, is “no”:  the information is no longer “reasonably necessary” to provide the app’s services, so it must be deleted.  This is true regardless of whether a parent affirmatively requests deletion.

(ii) Recommendation to review information retention policies in light of the deletion requirement.  The FTC recommends that companies review their information retention policies with COPPA’s deletion requirement in mind.  It lists questions to help guide companies as they navigate this requirement:

  • What types of personal information are you collecting from children?
  • What is your stated purpose for collecting the information?
  • How long do you need to hold onto the information to fulfill the purpose for which it was initially collected? For example, do you still need information you collected a year ago?
  • Does the purpose for using the information end with an account deletion, subscription cancellation, or account inactivity?
  • When it’s time to delete information, are you doing it securely?

Key takeaway.  If a company possesses personal information collected online from a child under 13, and the information no longer serves the purpose for which it was collected, the company must delete it.  Companies should review their information retention policies to ensure compliance with this COPPA requirement.

*       *       *

For more on the Children’s Online Privacy Protection Act, please read the following Socially Aware posts: FTC Issues Substantially Revised COPPA Rule: and Review of Changes and Compliance Tips; and Mobile App Legal Terms & Conditions: Six Key Considerations.