FROM: U.S. FEDERAL TRADE COMMISSION
FTC Warns Children’s App Maker BabyBus About Potential COPPA Violations
Letter Notes Company’s Apps Appear to Collect Children’s Location Info
The staff of the Federal Trade Commission sent a letter to a China-based developer of mobile applications directed to children, warning that the company may be in violation of the Children’s Online Privacy Protection Act (COPPA) Rule.
In the letter, the FTC notes that it appears the child-directed applications marketed by the company, BabyBus, appear to collect precise geolocation information about users. The letter notes that the company does not get parents’ consent before collecting children’s personal information, which would appear to violate the COPPA Rule.
The letter notes that the applications, available on the Apple App Store, Amazon App Store and Google Play, have been downloaded millions of times. The apps are clearly directed to children from ages one to six, including apps that teach letters, numbers and shapes. The letter was also sent to the three application marketplaces.
The COPPA Rule requires companies collecting personal information from children under 13 to post clear privacy policies and to notify parents and get their consent before collecting or sharing any information from a child. The rule was revised in 2013 to adapt to the growth of mobile technology aimed at children.
The letter asks the company to evaluate its apps and determine whether they may be in violation, as well as informing the company that the Commission will review the apps again in the next month to ensure they are in compliance with the rule.
The Commission vote to authorize public release of the letter was 5-0.
A PUBLICATION OF RANDOM U.S.GOVERNMENT PRESS RELEASES AND ARTICLES
Showing posts with label CHILDREN'S ONLINE PRIVACY PROTECTION ACT. Show all posts
Showing posts with label CHILDREN'S ONLINE PRIVACY PROTECTION ACT. Show all posts
Wednesday, December 24, 2014
Friday, September 19, 2014
TWO COMPANIES SETTLE FTC CHARGES OF IMPROPERLY COLLECTING PERSONAL INFORMATION ON CHILDREN
FROM: U.S. FEDERAL TRADE COMMISSION
Yelp, TinyCo Settle FTC Charges Their Apps Improperly Collected Children’s Personal Information
Online review site Yelp, Inc., and mobile app developer TinyCo, Inc., agreed to settle separate Federal Trade Commission charges that they improperly collected children’s information in violation of the Children’s Online Privacy Protection Act, or COPPA, Rule. Under the terms of the settlements, Yelp will pay a $450,000 civil penalty, while TinyCo will pay a $300,000 civil penalty.
“As people – especially children – move more of their lives onto mobile devices, it’s important that they have the same consumer protections when they’re using an app that they have when they’re on a website,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Companies should take steps as they build and test their apps to make sure that children’s information won’t be collected without a parent’s consent.”
COPPA requires that companies collecting information about children under 13 online follow a number of steps to ensure that children’s information is protected, including clearly disclosing how the information is used directly to parents and seeking verifiable parental consent before collecting any information from a child.
Yelp, Inc.
The FTC’s complaint against Yelp alleges that, from 2009 to 2013, the company collected personal information from children through the Yelp app without first notifying parents and obtaining their consent. When consumers registered for Yelp through the app on their mobile device, according to the complaint, they were asked to provide their date of birth during the registration process.
According to the complaint, several thousand registrants provided a date of birth showing they were under 13 years old, and Yelp collected information from them including, for example, their name, e-mail address, and location, as well as any information that they posted on Yelp.
The FTC’s complaint alleges that Yelp failed to follow the COPPA Rule’s requirements, even though it knew – based on registrants’ birth dates – that children were registering for Yelp through the mobile app. According to the complaint, Yelp failed to implement a functional age-screen in its apps, thereby allowing children under 13 to register for the service, despite having an age-screen mechanism on its website. In addition, the complaint alleges that Yelp did not adequately test its apps to ensure that users under the age of 13 were prohibited from registering.
In addition to the $450,000 civil penalty, under the terms of its settlement with the FTC, Yelp must delete information it collected from consumers who stated they were 13 years of age or younger at the time they registered for the service, except in cases where the company can prove to the FTC that the consumers were actually older than 13.
The settlement will also require the company to comply with COPPA requirements in the future and submit a compliance report to the FTC in one year outlining its COPPA compliance program.
TinyCo, Inc.
The FTC’s complaint against TinyCo alleges that many of the company’s popular apps, which were downloaded more than 34 million times across the major mobile app stores, targeted children. Among the apps named in the complaint are Tiny Pets, Tiny Zoo, Tiny Monsters, Tiny Village and Mermaid Resort. The complaint alleges that the apps, through their use of themes appealing to children, brightly colored animated characters and simple language, were directed at children under 13 and thus, TinyCo was subject to the COPPA Rule.
Many of TinyCo’s apps included an optional feature that collected e-mail addresses from users, including children younger than age 13. In some of the company’s apps, by providing an e-mail address, users obtained extra in-game currency that could be used to buy items within the game or speed up gameplay. The FTC’s complaint alleges that the company failed to follow the steps required under the Rule related to the collection of children’s personal information.
In addition to the $300,000 civil penalty, under the terms of its settlement with the FTC, TinyCo is required to delete the information it collected from children under 13. The settlement will also require the company to comply with COPPA requirements in the future and submit a compliance report to the FTC in one year outlining its compliance with the order.
The Commission vote to authorize the staff to refer the complaints to the Department of Justice, and to approve the proposed stipulated orders, was 5-0. The DOJ filed the complaints and proposed stipulated orders on behalf of the Commission in U.S. District Court for the Northern District of California on Sept. 16, 2014. The proposed stipulated orders are subject to court approval.
NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. Stipulated orders have the force of law when signed by the District Court judge.
Tuesday, February 4, 2014
FTC TESTIFIES ON DATA SECURITY
FROM: FEDERAL TRADE COMMISSION
FTC Testifies on Data Security before Senate Banking Subcommittee
In testimony before a U.S. Senate Banking subcommittee, the Federal Trade Commission updated Congress on the agency’s ongoing efforts to promote data security through civil law enforcement, education, and policy initiatives.
Testifying on behalf of the Commission before the Senate Committee on Banking, Housing, and Urban Affairs Subcommittee on National Security and International Trade and Finance, Bureau of Consumer Protection Director Jessica Rich told lawmakers that hackers and others seek to exploit vulnerabilities in order to obtain consumers’ sensitive information and potentially misuse it.
“Data security is of critical importance to consumers. If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm,” the testimony states.
The testimony notes that, to promote data security, the FTC enforces several statutes and rules that impose obligations upon businesses that collect and maintain consumer data. These include the proscription against unfair or deceptive acts or practices in Section 5 of the FTC Act; the Gramm-Leach-Bliley Act; the Fair Credit Reporting Act; and the Children’s Online Privacy Protection Act.
Since 2001, FTC has used its authority to bring cases against businesses that it charged with failing to provide reasonable protections for consumers’ personal information, the testimony states. Last week, the agency announced it had reached a milestone with its 50th data security settlement. GMR Transcription Services, Inc., a medical transcription company, agreed to settle FTC charges that it that had unreasonable data security measures, exposing the personal information of thousands of consumers on the Internet.
“In each of these cases, the Commission has examined a company’s practices as a whole and challenged alleged data security failures that were multiple and systemic,” the testimony states.
The testimony also outlines policy initiatives the FTC has undertaken to promote privacy and data security. The agency encourages companies to provide reasonable data security by following certain key principles. These include: knowing what consumer information they have; limiting the information they collect and retain; assessing risks and implementing protections for the information they maintain; properly disposing of information that they no longer need; and having a plan in place to respond to security incidents.
The testimony states that the FTC also is committed to promoting better data security practices through consumer education and business guidance. On the consumer education front, the Commission sponsors OnGuard Online, a website designed to educate consumers about basic computer security, as well as its Spanish-language counterpart Alerta en LĂnea. For consumers who may have been affected by the recent Target and other breaches, the FTC posted information online about steps they should take to protect themselves.
The FTC also widely disseminates a business guide on data security, along with an online tutorial, that are designed to provide diverse businesses –especially small businesses – with practical, concrete advice as they develop data security programs and plans for their companies, the testimony notes.
Finally, the testimony points out the FTC’s long history of working closely with federal and state agencies, as well as the private sector, to promote privacy and data security. The agency works with state Attorneys General to coordinate investigations and leverage its resources. It also has worked with criminal law enforcement agencies, such as the Federal Bureau of Investigation and Secret Service, that prosecute identity thieves, fraudsters, and other criminals.
“The FTC remains committed to promoting reasonable security for consumer data and we look forward to continuing to work with Congress on this critical issue,” the testimony states.
The Commission vote approving the testimony and its inclusion in the formal record was 4-0.
FTC Testifies on Data Security before Senate Banking Subcommittee
In testimony before a U.S. Senate Banking subcommittee, the Federal Trade Commission updated Congress on the agency’s ongoing efforts to promote data security through civil law enforcement, education, and policy initiatives.
Testifying on behalf of the Commission before the Senate Committee on Banking, Housing, and Urban Affairs Subcommittee on National Security and International Trade and Finance, Bureau of Consumer Protection Director Jessica Rich told lawmakers that hackers and others seek to exploit vulnerabilities in order to obtain consumers’ sensitive information and potentially misuse it.
“Data security is of critical importance to consumers. If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm,” the testimony states.
The testimony notes that, to promote data security, the FTC enforces several statutes and rules that impose obligations upon businesses that collect and maintain consumer data. These include the proscription against unfair or deceptive acts or practices in Section 5 of the FTC Act; the Gramm-Leach-Bliley Act; the Fair Credit Reporting Act; and the Children’s Online Privacy Protection Act.
Since 2001, FTC has used its authority to bring cases against businesses that it charged with failing to provide reasonable protections for consumers’ personal information, the testimony states. Last week, the agency announced it had reached a milestone with its 50th data security settlement. GMR Transcription Services, Inc., a medical transcription company, agreed to settle FTC charges that it that had unreasonable data security measures, exposing the personal information of thousands of consumers on the Internet.
“In each of these cases, the Commission has examined a company’s practices as a whole and challenged alleged data security failures that were multiple and systemic,” the testimony states.
The testimony also outlines policy initiatives the FTC has undertaken to promote privacy and data security. The agency encourages companies to provide reasonable data security by following certain key principles. These include: knowing what consumer information they have; limiting the information they collect and retain; assessing risks and implementing protections for the information they maintain; properly disposing of information that they no longer need; and having a plan in place to respond to security incidents.
The testimony states that the FTC also is committed to promoting better data security practices through consumer education and business guidance. On the consumer education front, the Commission sponsors OnGuard Online, a website designed to educate consumers about basic computer security, as well as its Spanish-language counterpart Alerta en LĂnea. For consumers who may have been affected by the recent Target and other breaches, the FTC posted information online about steps they should take to protect themselves.
The FTC also widely disseminates a business guide on data security, along with an online tutorial, that are designed to provide diverse businesses –especially small businesses – with practical, concrete advice as they develop data security programs and plans for their companies, the testimony notes.
Finally, the testimony points out the FTC’s long history of working closely with federal and state agencies, as well as the private sector, to promote privacy and data security. The agency works with state Attorneys General to coordinate investigations and leverage its resources. It also has worked with criminal law enforcement agencies, such as the Federal Bureau of Investigation and Secret Service, that prosecute identity thieves, fraudsters, and other criminals.
“The FTC remains committed to promoting reasonable security for consumer data and we look forward to continuing to work with Congress on this critical issue,” the testimony states.
The Commission vote approving the testimony and its inclusion in the formal record was 4-0.
Subscribe to:
Posts (Atom)