The cost for violating the Children’s Online Privacy Protection Act (COPPA) has been steadily rising, and companies subject to the law should take heed. Last week, the Federal Trade Commission (FTC) announced a record-setting $5.7 million settlement with the mobile app company Musical.ly for a myriad of COPPA violations, exceeding even the December 2018 $4.95 million COPPA settlement by the New York Attorney General. Notably, two Commissioners issued a statement accompanying the settlement, arguing that the FTC should prioritize holding executives personally responsible for their roles in deliberate violations of the law in the future.

COPPA is intended to ensure parents are informed about, and can control, the online collection of personal information (PI) from their children under age thirteen. Musical.ly (now operating as “TikTok”) is a popular social media application that allows users to create and share lip-sync videos to popular songs. The FTC cited the Shanghai-based company for numerous violations of COPPA, including failure to obtain parental consent and failure to properly delete children’s PI upon a parent’s request.

Continue Reading Thank You, Next Enforcement: Music Video App Violates COPPA, Will Pay $5.7 Million

Most companies are familiar with the Children’s Online Privacy Protection Act (COPPA) and its requirement to obtain parental consent before collecting personal information online from children under 13.  Yet COPPA also includes an information deletion requirement of which companies may be unaware.  On May 31, 2018, the Federal Trade Commission (FTC) published a blog post addressing this requirement, clarifying (i) when children’s personal information must be deleted and (ii) how the requirement applies, as well as (iii) recommending that covered companies review their information retention policies to ensure they are in compliance.

(i) COPPA’s information deletion requirement.  The FTC clarifies that, under Section 312.10 of COPPA, companies may retain children’s personal information “for only as long as is reasonably necessary to fulfill the purpose for which the information was collected.”  After that, a company must use reasonable measures to ensure such personal information is securely destroyed.

(ii) Application of the deletion requirement to children’s outdated subscription information.  In its post, the FTC applies the deletion requirement to the example of a subscription-based app directed to children under 13.  If the subscription period ends, and a parent decides not to renew the service, can the company keep the child’s personal information?  The answer, the FTC confirms, is “no”:  the information is no longer “reasonably necessary” to provide the app’s services, so it must be deleted.  This is true regardless of whether a parent affirmatively requests deletion.

(ii) Recommendation to review information retention policies in light of the deletion requirement.  The FTC recommends that companies review their information retention policies with COPPA’s deletion requirement in mind.  It lists questions to help guide companies as they navigate this requirement:

  • What types of personal information are you collecting from children?
  • What is your stated purpose for collecting the information?
  • How long do you need to hold onto the information to fulfill the purpose for which it was initially collected? For example, do you still need information you collected a year ago?
  • Does the purpose for using the information end with an account deletion, subscription cancellation, or account inactivity?
  • When it’s time to delete information, are you doing it securely?

Key takeaway.  If a company possesses personal information collected online from a child under 13, and the information no longer serves the purpose for which it was collected, the company must delete it.  Companies should review their information retention policies to ensure compliance with this COPPA requirement.

*       *       *

For more on the Children’s Online Privacy Protection Act, please read the following Socially Aware posts: FTC Issues Substantially Revised COPPA Rule: and Review of Changes and Compliance Tips; and Mobile App Legal Terms & Conditions: Six Key Considerations.

In the last few years, as advertising has followed consumers from legacy media such as television to online video and social media platforms, the Federal Trade Commission has been attempting to ensure that participants in this new advertising ecosystem understand the importance of complying with the FTC’s “Guides Concerning the Use of Endorsements and Testimonials in Advertising,” or the endorsement guides. The endorsement guides require advertisers and endorsers (also referred to as influencers) to, among other things, clearly and conspicuously disclose when the advertiser has provided an endorser with any type of compensation in exchange for an endorsement.

A failure to make appropriate disclosures may be a violation of Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive acts or practices. In recent enforcement actions, press releases, guidance, closing letters and letters sent directly to endorsers (including prominent public figures), the FTC has made clear its belief that: (1) appropriate disclosures by influencers are essential to protecting consumers; and (2) in too many instances, such disclosures are absent from celebrity or other influencer endorsements. Continue Reading The FTC’s Quest for Better Influencer Disclosures

In 2016, brands spent $570 million on social influencer endorsements on Instagram alone. This recode article takes a looks at how much influencers with certain followings can command, and whether they’re worth the investment.

And don’t overlook the legal issues associated with the use of social media influencers; the FTC just settled its first complaint against social media influencers individually. The case involved two online gamers who posted videos of themselves promoting a gaming site that they failed to disclose they jointly owned.

In a precedent setting opinion, the European Court of Human Rights held that the right to privacy of a Romanian man, Bogdan Bărbulescu, was violated when Bărbulescu’s employer, without explicitly notifying Bărbulescu, read personal messages that Bărbulescu sent from an online account that Bărbulescu had been asked to set up for work purposes.

In other European news, the attorney general for England and Wales, Jeremy Wright, MP, has begun an inquiry into whether that jurisdiction needs to impose restrictions on social media in order to help ensure criminal defendants there get a fair trial.

More than half of Americans 50 or older now get their news from social media sites, Pew Research Center’s 2017 social media survey shows.

Celebrities who promote initial coin offerings (ICOs) on social media risk violating laws that apply to the public promotion of securities.

Facebook developed an artificial intelligence robot that can express emotion by making realistic facial expressions at appropriate times.

A college student has sued Snapchat and the Daily Mail for alleged defamation and invasion of privacy arising from the use of the student’s name and image on Discover, Snapchat’s social news feature, under the headline, “Sex, Drugs and Spring Break—College Students Descent on Miami to Party in Oceans of Booze and Haze of Pot Smoke.”

Is the threat of artificial intelligence disrupting a slew of industries less imminent than we thought?

Google created a website that uses fun illustrations to show which “how to” queries its users entered into the search engine most.

The popularity of online videos that viewers can appreciate with the sound turned off has led to striking similarities between early silent film and modern social video.

Recent challenges to the Federal Trade Commission’s (FTC) authority to police data security practices have criticized the agency’s failure to provide adequate guidance to companies.

In other words, the criticism goes, businesses do not know what they need to do to avoid a charge that their data security programs fall short of the law’s requirements.

A series of blog posts that the FTC began on July 21, 2017, titled “Stick with Security,” follows promises from acting Chair Maureen Ohlhausen to provide more transparency about practices that contribute to reasonable data security. Some of the posts provide insight into specific data security practices that businesses should take, while others merely suggest what, in general, the FTC sees as essential to a comprehensive data security program. Continue Reading More Insight From the FTC on Data Security—or More of the Same?

Searching “millennials killed…” on the Internet returns over 1.5 million results in .65 seconds. Commentators have blamed the generation raised by tablets, smartphones, and apps for killing everything from marriage to brunch, often deriding today’s youth for being too opinionated and too obnoxious. It is a bit ironic, then, that the right to complain was almost a casualty of the technology generation.

Today, ecommerce and social media are ubiquitous and intertwined. For example, any ecommerce site worth its salt will include interactive user comments that enable purchasers to praise or critique products. Moreover, the power of online review sites, such as Yelp and Rotten Tomatoes, to set consumer tastes is only increasing. For example, a study conducted at Harvard Business School concluded that a one-star improvement on Yelp would lead to a roughly 9% increase in revenue for restaurants. Considering how thin profit margins are in the restaurant sector, 9% could make or break a small business.

In response to the growing significance of user reviews, some companies sought to protect their revenue streams by including non-disparagement clauses in form contracts, such as terms of service and other click-through agreements. Retailers, studios, restaurants and even hotels used these gag clauses to suppress bad reviews by levying fines and imposing other penalties on consumers. Continue Reading Get Your Gripe On: The Consumer Review Fairness Act Is Live

A New York State senator has introduced a bill that would make posting footage of a crime to social media with the intention of glorifying violence or becoming famous punishable by up to four years in prison and fines.

Instagram hit the 700-million-user mark.

Brands spent 60% more on social media advertising in the first quarter of 2017 than they did in the same quarter last year, a new report shows.

But savvy brands will do more to leverage social media than just buy advertising, according to a columnist in Entrepreneur. Chatbots that can interact with customers on private messaging networks and in connection with in-app purchasing are the next big things.

And while we’re on the subject of private messaging networks, Tumblr is launching its own version, called Cabana. It encourages six friends to “hang out” and watch YouTube videos together.

Pointing out the inadequacy of many celebrities’ methods of disclosing their status as paid endorsers of the products they promote on Instagram, the FTC sent a letter to 90 high-profile social media users that provides some guidance on how to fulfill the endorsement guides’ requirement that sponsored posts be identified in a “clear and conspicuous” way.

LinkedIn has updated its terms of service and privacy policy, reportedly to make way for new platform features such as identifying when other LinkedIn members are in physical proximity to you, making available “productivity bots” to assist you in interacting with members of your LinkedIn network and allowing third-party services to display your LinkedIn profile to their users.

Facial recognition systems will soon be used to identify visa holders as they leave the United States, raising civil rights questions.

The U.S. population’s political polarization isn’t a result of the rise of social media, a new working paper issued by the National Bureau of Economic Research suggests, because hyper-partisanship is most prevalent among older Americans who are less likely than other Americans to consume media online.

Devices_482856241Well over a year after holding a workshop addressing privacy issues associated with cross-device tracking, Federal Trade Commission (FTC) staff have issued a report. The report sets the stage by describing how cross-device tracking works, noting its “benefits and challenges,” and reviewing (and largely commending) current industry self-regulatory efforts.

The report also makes recommendations, which—while building upon the staff’s traditional themes of transparency and choice—do not introduce any materially new suggestions for compliance.

The staff’s recommendations do not have the force of law, but they do indicate the steps that the staff believes a company should take in order to avoid a charge of unfairness or deception under Section 5 of the FTC Act.

A Quick Review of Cross-Device Tracking

As more consumers utilize multiple devices in their daily lives, more and more companies are using new technologies to attempt to ascertain that multiple devices are connected to the same person. This is generally done through the use of either deterministic information (e.g., by recognizing a user through the log-in credentials he or she uses across different devices) or probabilistic information (i.e., by inferring that multiple devices are used by the same person based on information about the devices, such as IP address, location, and activities on the devices).

Continue Reading FTC Report Reinforces the Rules for Cross-Device Tracking

Google is cracking down on mobile pop-up ads by knocking down the search-result position of websites that use them.

The National Labor Relations Board decided a social media policy that Chipotle had in place for its employees violates federal labor law.

A group of lawmakers plans to introduce legislation that would criminalize revenge porn—explicit images posted to the web without the consent of the subject—at the federal level.

The Truth in Advertising organization sent the Kardashians a letter threatening to report them for violating the FTC’s endorsement guides. This isn’t the first time the legality of the famous family’s social media posts has been called into question. If only Kim would read our influencer marketing blog posts.

According to one study, 68% percent of publishers use editorial staff to create native ads.

Twitter launched a button that a company can place on its website to allow users to send a direct message to the company’s Twitter inbox.

The Center for Democracy & Technology criticized the Department of Homeland Security’s proposal to ask visa-waiver-program applicants to disclose their social media account information.

UK lawmakers issued a report calling on the big social media companies to do more to purge their platforms of hate speech and material that incites violence.

Social media is playing bigger role in jury selection, Arkansas prosecutors and criminal defense lawyers say.

A day in the life of the Economist‘s head of social media.

Seven things smart entrepreneurs do on Instagram.

Four ways to get busy people to read the email you send them.

Want to know how Facebook views your political leanings? Here’s the way to find out.

Social media has upended a number of industries. Is Wall Street next?

Facebook is getting into the video game live-streaming business.

Steven Avery’s defense attorney is keeping her 163,000 Twitter followers abreast of her ongoing defense work on behalf of the “Making a Murderer” documentary subject, and some lawyers think it’s a bad idea.

Five quick and easy ways to double your social media following.

Fake Internet traffic schemes will become the second-largest market for criminal organizations behind cocaine and opiate trafficking.

Bots and fraudsters are feasting on political ad dollars.

People are spending less time on social media apps these days? With Snapchat on pace to have more than 58 million active users this year, we’re skeptical.

The man who created the Internet wants to create a less centralized web with more privacy and less government and corporate control.

Should Twitter limit the number of tweets users can send each day? Other platforms see the value in limiting posts.

In the UK the number of arrests over offensive social media posts is soaring.

Research shows an alarming number of people in the UK can’t distinguish between marketing and non-commercial content on social media, indicating potential breaches of the CAP Code (the UK’s version of the FTC’s Endorsement Guides). Here’s how social media marketers in the UK can stay on the right side of the law.

Google co-founder Larry Page is secretly building flying cars.

Our attention spans are decreasing. Here’s how that should affect your brand’s website and social media strategy.

In a massive recent theft of Twitter usernames and passwords, “123456” was the most commonly used passcode by far. Sigh.