Do Foreign Companies Have To Follow FTC COPPA Rules? (Yes!)
Can the U.S. Federal Trade Commission fine foreign websites and apps for not following state-side online marketing regulations? It sure can. Here’s the bottom Internet marketing line: All commercial products and services available to U.S. citizens are subject to FTC regulations.
BabyBus COPPA Violations: Example of a Foreign Businesses Being Investigated By The FTC
Recently, Chinese app developer BabyBus Network Technology Co. (“BabyBus”) learned the answer to the question, “Do foreign companies have to follow FTC rules?,” when the Asia-based developer got a Children’s Online Privacy Protection Act (COPPA) violation warning:
“Because you are collecting precise geolocation information, which is considered ‘personal information’ under the rule, you must provide notice and obtain verifiable parental consent before collecting, using, or disclosing this information. Your failure to do so appears to violate COPPA and its implementing rule.”
Exhibiting a bit of Internet law diplomacy, the Federal Trade Commission gave BabyBus a month to review its product, and then make necessary changes.
What Are The Main Things To Remember About The Children’s Online Privacy Protection Act (COPPA):
- If your commercial website, app or platform is used by children younger than 13, you must adhere to restrictions outlined in the Children’s Online Privacy Protection Act – the only (currently) extant federal online privacy law in the U.S.
- Without parental/guardian consent, it’s against regulations for commercial websites, apps and platforms to collect personally identifiable information about people younger than 13.
- There are specific COPPA rules regarding acceptable parental consent. For example, simply collecting a credit card number doesn’t meet standards. To make compliance easier, the FTC recently approved a program in which developers can submit their “parental consent gathering” apps for COPPA safe harbor certification. If the FTC accepts an app or platform for the program, said app or platform can be incorporated into websites and software that are beholden to COPPA regulations. It’s akin to blogs using a program like “Disqus” as a commenting engine.
- Even if tweens are not your target demographic, if you have “actual knowledge” that minors are using your commercial site or software, platform or application, then you’re beholden to COPPA regulations. You’re best bet is to consult an FTC marketing lawyer to make sure you’re in the legal clear.
What Does ‘Commercial’ Mean In Regards To The Children’s Online Privacy Protection Act?
Unsure if your website would legally be considered “commercial” by a court? Have an Internet lawyer look at it. You may not think your website is “commercial,” but a plugin or process may deem it so in the eyes of the Federal Trade Commission.
Get An FTC Marketing Audit
Do you run a commercial website or app that a child may use? Have you developed an app, platform or plugin that could be deployed on a commercial website that a kid might visit? If yes, then you should be aware of regulations laid out in the Children’s Online Privacy Protection Act. An FTC marketing lawyer can review your operation and let you know if your product or service is beholden to COPPA.
The next time someone answers “no” to the question: “Do foreign companies have to follow FTC COPPA regulations,” you can set them straight using the BabyBus example.
Here’s one from the COPPA case files.
Artist Arena, a division of Warner Music Group, paid a hefty fine to settle a Children’s Online Privacy Protection Act (COPPA) claim.
Purveyors of online music entertainment, Artist Arena is a company associated with several websites, like SlenaGomez.com and BieberFever.com, and, DeminLovatoFanClub.net. The problem: Artist Arena’s websites allegedly collect the names, addresses, and phones numbers of minors without first obtaining parental consent – a clear violation of the Children’s Online Privacy Protection Act.
Officials estimate that Artist Arena compromised over 100,000 records, and now it has to pay up.
Two-Minute COPPA Explanation
The Children’s Online Privacy Protection Act is the only federal online privacy law that hasn’t been savaged by the Supreme Court of the United States. It’s goal? To protect the personally identifiable information of citizens aged 13 and younger.
If Kids Use — or COULD use — Your Website or App, COPPA Compliance Is A Must
The COPPA rule outlines several regulations that websites, which are “directed at children,” must follow. One of the main stipulations is parental consent before data collection. Or, to put it another way: websites can’t collect any information about minors before getting their parent or guardian’s John Hancock.
In Artist Arena’s COPPA case, the company sent an email instructing parents to disregard the message and do nothing if they didn’t approve of the data collection. And that would have worked, if Artist Arena’s system didn’t register the child anyway. That’s right, according to reports, Artist Arena collected birthdays, emails, addresses and names before the parental consent check.
Fines for violating the Children’s Online Privacy Protection Are as follows:
A court can hold website operators who violate the Rule liable for civil penalties of up to $11,000 per violation. The amount of penalties the court assesses may turn on a number of factors, including the egregiousness of the violation, the number of children involved, the amount and type of personal information collected, how the information was used, whether it was shared with third parties, and the size of the company.
In theory, if Artist Arena did inappropriately collect the data of over 100,000 children, it could be charged $1,111,000,000. (Heck, we could cure the national debt with a few well-argued COPPA cases!) But, of course, that is an absurd number, and cases of this size usually settle for a few million. In this COPPA case, Artist Arena agreed to pay $1 million in damages. The company has yet to admit any wrongdoing.
COPPA Rules Are Getting Stricter
The Federal Trade Commission takes COPPA violations seriously and recently tightened the rules. People who run websites for children — or a website that children may be attracted to even if they’re not the target demo — should familiarize themselves with COPPA rules.