Amazon Censured Over Kids’ Apps That Encourage Spending

Amazon COPPA settlementAmazon settled an FTC COPPA case. Federal regulators charged the online retailer with improperly billing parents for purchases made by their children.

Amazon’s marketplace is filled with apps and games aimed at children, but some didn’t have protections to prevent underage in-game purchases for virtual “stars” and “coins.”

The problem has persisted for years, and in 2014, FTC Chairwoman Edith Ramirez touched on the issue. At the time, she explained: “Even Amazon’s own employees recognized the serious problem its process created.” Another related event sparked in May 2016. But it took until April 2017 for Amazon and the FTC to settle on an agreement.

Last Tuesday an Amazon spokesman explained:

“Since the launch of the Appstore in 2011, Amazon has helped parents prevent purchases made without their permission by offering access to parental controls, clear notice of in-app purchasing, real-time notification for every in-app purchase and refund assistance for unauthorized purchases. The court here affirmed our commitment to customers when it ruled no changes to current Appstore practices were required.

“To continue ensuring a great customer experience, we are happy to provide our customers what we have always provided: refunds for purchases they did not approve. We have contacted all eligible customers who have not already received a refund for unauthorized charges to help ensure their refunds are confirmed quickly.”

Amazon set up a Web page where affected parties can request refunds: https://www.amazon.com/gp/mas/refund-orders/in-apprefund.

If you have an Amazon account, use the platform’s Message Center to find additional information about refunds.  The FTC recommends that specific questions about this matter be directed to Amazon by phone at 866-216-1072.

The legal tussle between the FTC and Amazon is a reminder to developers and app companies to follow the guidelines enumerated in the Children’s Online Privacy Protection Act. 

Kelly / Warner is a full-service law firm that helps entrepreneurs and businesses with digital and Internet law issues, in addition to FTC online sales and promotions matters.

Article Sources

Elmore, C. (2017, May 31). Amazon earned $70M unlawfully from kids, FTC said. Are you due a refund? Retrieved July 18, 2017, from http://www.kiro7.com/news/local/amazon-earned-70m-earned-unlawfully-from-kids-ftc-said-are-you-due-a-refund_/528400744

List of California Online Privacy Laws

California online privacy law and lawyer
List of California Online Privacy Laws

California rung in 2015 with a slew of new online privacy laws. If you run a commercial website – or otherwise collect personal data about users – there’s a good chance you’re beholden to California’s online privacy laws.

But why? You don’t operate out of California, right?

Wrong.

California’s online privacy laws aren’t only for websites and companies based in California. They apply to any and all commercial websites or apps available for use in California.

Below is a list of the Golden State’s latest digital privacy statutes. The state’s original online privacy law is still in effect, also. To speak with an Internet lawyer about an online privacy matter, head over here.

List of California Online Privacy Bills That Became Law In 2015

Privacy Rights for California Minors in the Digital World Senate Bill No. 568

Digitally marketing firearms, tobacco, or alcoholic beverages to California’s minors is no longer allowed. Neither is compiling personally identifiable information about people aged 17 and younger, nor enabling other people to do so. Think of SB 568 as “COPPA for teenagers.”

http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB568

Data Breach Notification Amendments Assembly Bill No. 1710

Assembly Bill No. 1710 broadened the liability for data brokers holding information on California residents. Specifically, the new law requires data brokers to:

“…implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.”

http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140AB1710

Patient Medical Breach Notification Period Extension Assembly Bill 1755

Most of the 2015 California online privacy laws tighten restrictions, but AB 1755 does the opposite. Known as the Medical Information Breach Notification Bill – it extended the notification grace period for patient data breaches from 5 to 15 days.

In addition, AB 1755 allows for email as an acceptable method of patient contact and notification. The law does stipulate, however, that email cannot be used unless the patient gives consent.
https://legiscan.com/CA/text/AB1755/id/1038495

Pupil Records Privacy; 3rd-party contracts; digital storage services and digital educational software Assembly Bill No. 1584

Assembly Bill No. 1584 allows “educational agencies” (e.g., school districts, universities, etc.) to put both feet in the 21st century by granting leeway to contract cloud computing programs on a mass scale.

http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140AB1584

Pupil Records and Social Media Assembly Bill No. 1442

Another online privacy law protecting students, AB 1442 focuses on social media data. If school representatives collect information about students’ social media accounts, they’re not allowed to sell it, rent it or use it in an unauthorized manner. The law goes so far as to give “destruction instructions” for information inadvertently (or purposefully) collected.

http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140AB1442

Student Online Personal Information Protection Act Senate Bill No. 1177

Another student-focused online privacy law, Senate Bill No. 1177 addresses advertising in educational software. Essentially, the new law prohibits marketers from a) using in-app, targeted advertising and b) building student profiles using information gathered via platforms used in schools and other educational institutions. The law also calls for on-demand information deletion under certain circumstances.

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB1177

Consult With An Online Privacy Lawyer

Kelly / Warner attorneys intimately understand the parameters of both state and federal online privacy regulations. If you run a website in the U.S., there’s a significant chance you’re beholden to not only California online privacy laws – but foreign (yep, foreign) statutes, too. If you have an online business presence, get a privacy audit with an experienced Internet lawyer.

Do Foreign Companies Have To Follow FTC COPPA Regulations?

do foreign companies have to follow FTC COPPA rules
Must you adhere to FTC COPPA regulations if you’re outside the U.S.?

Do Foreign Companies Have To Follow FTC COPPA Rules? (Yes!)

Can the U.S. Federal Trade Commission fine foreign websites and apps for not following state-side online marketing regulations? It sure can. Here’s the Internet marketing legal line: All commercial products and services available to U.S. citizens are subject to FTC regulations.

BabyBus COPPA Violations: Example of a Foreign Businesses Being Investigated By The FTC

Recently, Chinese app developer BabyBus Network Technology Co. (“BabyBus”) learned the answer to the question, “Do foreign companies have to follow FTC rules?,” when the Asia-based developer got a Children’s Online Privacy Protection Act (COPPA) violation warning:

“Because you are collecting precise geolocation information, which is considered ‘personal information’ under the rule, you must provide notice and obtain verifiable parental consent before collecting, using, or disclosing this information. Your failure to do so appears to violate COPPA and its implementing rule.”

Exhibiting a bit of Internet law diplomacy, the Federal Trade Commission gave BabyBus a month to review its product to make necessary changes.

The next time someone answers “no,” to the question: “Do foreign companies have to follow FTC COPPA regulations,” set them straight using the BabyBus example.

What Are The Main Things To Remember About The Children’s Online Privacy Protection Act (COPPA):

  • If your commercial website, app, or platform is used by children younger than 13, you must adhere to restrictions outlined in the Children’s Online Privacy Protection Act.
  • Without parental/guardian consent, it’s against regulations for commercial websites, apps, and platforms to collect personally identifiable information about people younger than 13.
  • There are specific COPPA rules regarding acceptable parental consent. For example, simply collecting a credit card number doesn’t meet standards. To make compliance easier, the FTC recently approved a program in which developers can submit their “parental consent gathering” apps for COPPA safe harbor certification. If the FTC accepts an app or platform for the program, said app or platform can be incorporated into websites and software. It’s akin to blogs using a program like “Disqus” as a commenting engine.
  • Even if minors aren’t your target demographic, if you have “actual knowledge” that they’re using your commercial site or software, platform or application, then you’re beholden to COPPA regulations. You’re best bet is to consult an FTC marketing lawyer to make sure you’re in the legal clear.

What Does ‘Commercial’ Mean In Regards To The Children’s Online Privacy Protection Act?

Unsure if your website would legally be considered “commercial” by a court? Have an Internet lawyer look at it. You may not think your website is “commercial,” but a plugin or process may deem it so in the eyes of the Federal Trade Commission.

Get An FTC Marketing Audit

Do you run a commercial website or app that a child may use? Have you developed an app, platform or plugin that could be deployed on a commercial website that a kid might visit? If yes, then you should be aware of regulations laid out in the Children’s Online Privacy Protection Act. An FTC marketing lawyer can review your operation and let you know if your product or service is beholden to COPPA.

The next time someone answers “no” to the question: “Do foreign companies have to follow FTC COPPA regulations,” you can set them straight using the BabyBus example.

Kelly / Warner offers COPPA audits. They’re inexpensive and could save you a major FTC COPPA investigation headache. Get in touch today to learn more.

Source Article

kidSAFE Gets FTC’s COPPA Blessing

kidSAFE COPPA

In February, the FTC green-lit the kidSAFE Seal Program as a viable safe harbor alternative under the Children’s Online Privacy Protection ACT (COPPA). The FTC ruled that kidSAFE’s platform allows for the “same or greater protections” to children as those obtained under the COPPA Rule.

COPPA Parental Consent Rules & kidSAFE

Under COPPA, websites or applications aimed at children 13 or younger must obtain parental consent before collecting and storing data. Websites must also obtain parental permission before releasing personal information.

What Is The Federal Trade Commission?

The Legislature established the FTC to keep an eye on unfair or deceptive business practices. Created in 1914, the FTC is the only federal agency that deals with both consumer protection and competition. Over the years, Congress has widened the scope of the FTC’s purview – especially when it comes to Internet law matters.

Federal legislators passed COPPA in 2000. Since then, it’s been updated several times – most recently last year. In brief, the act specifies:

  • that parental consent must be obtained for any personal data from children aged 13 and under;
  • the ways in which consent may be obtained; and
  • the responsibilities of the website operator regarding the safety and privacy
    of children online.

New COPPA Provisions:

With the new provision, website operators must allow parents to view any data collected from their children. Parents can delete data but can’t otherwise change it. The FTC has also established guidelines to make it easier for website directors to comply with the new program, like requiring parents to use a credit card when establishing identity or providing a toll-free phone number that parents can use to confirm consent.

COPPA Lawyer

Do you have a website popular among kids? If a minor visits your page, and you collect data or track said minor with cookies — inadvertently or on purpose —  and you don’t have the proper COPPA provisions in place, technically, you’re in violation of the law.

To get compliant, contact Kelly Warner Law today for a website audit. The couple hundred dollars it will cost for a COPPA lawyer to review your site is a drop in the bucket to the millions you could be fined for violating COPPA regulations. Get in touch today.

COPPA Parental Consent Rule: Overkill or Necessary?

pictue of mother and daughter at computer to accompany blog post about new COPPA parental consent ruleAs of July 1, 2013, the COPPA parental consent rule is in effect and internet companies aren’t thrilled with the FTC’s definition of “personal information” under the new guidelines.

Tech Community Says COPPA Parental Consent Rule May Thwart Innovation

Some parties fear that smaller operations, like app and plug-in firms, will stop collecting interactive content rather than conform to the complicated parental consent process. Why is this a bad thing? Because begging out could, theoretically, thwart innovation.

FTC’s Stance: We Needed A New COPPA Parental Consent Rule

An FTC spokesperson explained that an increase in deceptive ads aimed at kids necessitated this update. FTC Associate Director Maneesha Mithal claimed that “parents should be in the driver’s seat.”

Tech Industry Weighs In

A non-partisan technology think tank, TechFreedom, hosted a panel discussion on the new COPPA parental consent rule. At the event, its president, Berin Szoka, explained: “The reality is most of the sites and services, like Facebook or Twitter, don’t have an option available for kids.”

Advocates voiced skepticism about the parental consent rule and its effect on advertising and so-called kid-friendly websites. For example, PinewoodDerby.org, a Boy Scouts website, might be affected by the COPPA parental consent rule.

Laws must protect minors, but is the COPPA parental consent rule a recipe for disaster that will create unnecessary innovation boundaries? The debate continues.

Chat With A COPPA Lawyer

Want to make sure you’re COPPA compliant? Contact Kelly Warner Law for an audit. A COPPA violation can cost millions. So, read up on all the COPPA rules to ensure your website, plugin, or app is not lawless!

COPPA Case Study: Music Website Fined Millions

COPPA case study: music website for kids
A music entertainment company is paying one million in online privacy fines.

Here’s one from the COPPA case files.

Artist Arena, a division of Warner Music Group, paid a hefty fine to settle a Children’s Online Privacy Protection Act (COPPA) claim.

Purveyors of online music entertainment, Artist Arena is a company associated with several websites, like SlenaGomez.com and BieberFever.com, and,  DeminLovatoFanClub.net. The problem: Artist Arena’s websites allegedly collect the names, addresses, and phones numbers of minors without first obtaining parental consent – a clear violation of the Children’s Online Privacy Protection Act.

Officials estimate that Artist Arena compromised over 100,000 records, and now it has to pay up.

Two-Minute COPPA Explanation

The Children’s Online Privacy Protection Act is the only federal online privacy law that hasn’t been savaged by the Supreme Court of the United States. It’s goal? To protect the personally identifiable information of citizens aged 13 and younger.

If Kids Use — or COULD use — Your Website or App, COPPA Compliance Is A Must

The COPPA rule outlines several regulations that websites, which are “directed at children,” must follow. One of the main stipulations is parental consent before data collection. Or, to put it another way: websites can’t collect any information about minors before getting their parent or guardian’s John Hancock.

In Artist Arena’s COPPA case, the company sent an email instructing parents to disregard the message and do nothing if they didn’t approve of the data collection. And that would have worked, if Artist Arena’s system didn’t register the child anyway. That’s right, according to reports, Artist Arena collected birthdays, emails, addresses and names before the parental consent check.

COPPA Fines

Fines for violating the Children’s Online Privacy Protection Are as follows:

A court can hold website operators who violate the Rule liable for civil penalties of up to $11,000 per violation. The amount of penalties the court assesses may turn on a number of factors, including the egregiousness of the violation, the number of children involved, the amount and type of personal information collected, how the information was used, whether it was shared with third parties, and the size of the company.

In theory, if Artist Arena did inappropriately collect the data of  over 100,000 children, it could be charged $1,111,000,000. (Heck, we could cure the national debt with a few well-argued COPPA cases!) But, of course, that is an absurd number, and cases of this size usually settle for a few million. In this COPPA case, Artist Arena agreed to pay $1 million in damages. The company has yet to admit any wrongdoing.

COPPA Rules Are Getting Stricter

The Federal Trade Commission takes COPPA violations seriously and recently tightened the rules. People who run websites for children —  or a website that children may be attracted to even if they’re not the target demo — should familiarize themselves with COPPA rules.

Got A COPPA Case Question?

Connect with an Internet lawyer about COPPA compliance.