Easily lost in the commotion is the work done by the Federal Trade Commission (FTC) pursuant to its mandate under the Children’s Online Privacy Protection Act (COPPA).  Notwithstanding popular belief, in my opinion, COPPA remains the most child-protective privacy law in the world.  And, the FTC has again established itself as the most active and effective regulator of children’s privacy rights.

From January 2018 to February 2019, the FTC settled three major COPPA cases.  First, on January 8, it announced a $650,000 COPPA settlement with VTech Electronics entities (“VTech”), the FTC’s first enforcement action involving an Internet-connected toy.  Less than a month later, the FTC announced a $500,000 COPPA settlement with online talent site, Explore Talent.  Then, in February 2019, the FTC entered into a COPPA settlement with the operators of mobile app, Musical.ly (now known as TikTok), for $5.7 million—the largest ever monetary penalty in a COPPA case.

In addition, state Attorneys General—also empowered to protect children’s privacy rights under COPPA—were quite active.  The Attorneys General for New Jersey and New York, each of which has a long-established track record in children’s privacy, announced COPPA settlements:  the New Jersey Attorney General entered into a $100,000 COPPA settlement with Meitu, Inc., a Chinese operator of child-directed websites, and the New York Attorney General entered into a $4.95 million COPPA settlement (the largest ever at the time) with Oath (formerly AOL).  In addition, the New Mexico Attorney General filed a COPPA complaint against Tiny Lab Products, the maker of mobile applications allegedly directed to young children; its advertising partners; and the mobile storefront on which its apps appeared.

There are numerous lessons to be learned from recent enforcement activity.

• FTC Commissioners Chopra and Slaughter have put individuals on notice that if they make or ratify the decisions that violate COPPA, they could find themselves held personally liable.
• Third parties (especially companies in the advertising ecosystem) are in regulators’ crosshairs. Operators of websites and mobile apps must do their diligence upfront and on a continuing basis.
• Regulators are scrutinizing the designation of online services as “mixed audience” and “general audience,” examining an online service’s content, including advertising; marketing of the online service; public and internal statements about the intended audience; and empirical evidence.
• Inclusion of a mobile app in Google Play’s Designated for Families section will be viewed as evidence the mobile app is either child-directed or mixed audience.
• COPPA requires reasonable measures to protect data security. Many COPPA investigations begin as a result of a data breach.
• COPPA applies equally to operators located outside the United States so long as those operators are directing their services to children in the United States or have actual knowledge they are collecting personal information from children in the United States.
• Internet-connect products directed to children under 13 years old are subject to COPPA.

The post From VTech to Musical.ly: U.S. Regulators Remain the Most Active Enforcers of Children’s Privacy Rights appeared first on ESRB Ratings.

Easily lost in the commotion is the work done by the Federal Trade Commission (FTC) pursuant to its mandate under the Children’s Online Privacy Protection Act (COPPA).  Notwithstanding popular belief, in my opinion, COPPA remains the most child-protective privacy law in the world.  And, the FTC has again established itself as the most active and effective regulator of children’s privacy rights.

From January 2018 to February 2019, the FTC settled three major COPPA cases.  First, on January 8, it announced a $650,000 COPPA settlement with VTech Electronics entities (“VTech”), the FTC’s first enforcement action involving an Internet-connected toy.  Less than a month later, the FTC announced a $500,000 COPPA settlement with online talent site, Explore Talent.  Then, in February 2019, the FTC entered into a COPPA settlement with the operators of mobile app, Musical.ly (now known as TikTok), for $5.7 million—the largest ever monetary penalty in a COPPA case.

In addition, state Attorneys General—also empowered to protect children’s privacy rights under COPPA—were quite active.  The Attorneys General for New Jersey and New York, each of which has a long-established track record in children’s privacy, announced COPPA settlements:  the New Jersey Attorney General entered into a $100,000 COPPA settlement with Meitu, Inc., a Chinese operator of child-directed websites, and the New York Attorney General entered into a $4.95 million COPPA settlement (the largest ever at the time) with Oath (formerly AOL).  In addition, the New Mexico Attorney General filed a COPPA complaint against Tiny Lab Products, the maker of mobile applications allegedly directed to young children; its advertising partners; and the mobile storefront on which its apps appeared.

There are numerous lessons to be learned from recent enforcement activity.

• FTC Commissioners Chopra and Slaughter have put individuals on notice that if they make or ratify the decisions that violate COPPA, they could find themselves held personally liable.
• Third parties (especially companies in the advertising ecosystem) are in regulators’ crosshairs. Operators of websites and mobile apps must do their diligence upfront and on a continuing basis.
• Regulators are scrutinizing the designation of online services as “mixed audience” and “general audience,” examining an online service’s content, including advertising; marketing of the online service; public and internal statements about the intended audience; and empirical evidence.
• Inclusion of a mobile app in Google Play’s Designated for Families section will be viewed as evidence the mobile app is either child-directed or mixed audience.
• COPPA requires reasonable measures to protect data security. Many COPPA investigations begin as a result of a data breach.
• COPPA applies equally to operators located outside the United States so long as those operators are directing their services to children in the United States or have actual knowledge they are collecting personal information from children in the United States.
• Internet-connect products directed to children under 13 years old are subject to COPPA.

The post From VTech to Musical.ly: U.S. Regulators Remain the Most Active Enforcers of Children’s Privacy Rights appeared first on ESRB Ratings.

On April 12, 2019, the UK’s Information Commissioner’s Office (ICO) published a consultation draft of its long-awaited Age Appropriate Design: A Code of Practice for Online Services (Code).  The Code—which follows a lengthy process in which the ICO called for evidence and views from parents, stakeholders, experts, etc.—was prepared pursuant to the ICO’s obligations under Section 123 of the UK Data Protection Act 2018 (DPA 2018), which requires the Information Commissioner to “prepare a code of practice which contains such guidance as the Commissioner considers appropriate on standards of age-appropriate design of relevant information society services which are likely to be accessed by children.”

In its current draft form, the Code consists of 16 “standards” that provide practical guidance for developing online services suitable for children.  Providers of those services, however, should not interpret the term “guidance” to mean the standards are mere suggestions.  The ICO makes clear that if all 16 standards are not complied with, providers would be “likely to find it difficult to demonstrate that your processing is fair and complies with the GDPR and PECR.”  The ICO further warns that it could act against providers who process children’s personal data in violation of the Code.

The question, therefore, is to whom the Code would apply?  First, from a jurisdictional standpoint, the Code has the same reach as the DPA 2018, meaning it would apply to providers:

1. Based in the UK;
2. That have a branch, office or other “establishment” in the UK, and that process personal data in the context of the activities of that establishment; or
3. That are neither based in nor have an establishment in the UK, but offer services to users in the UK or monitor the behavior of users in the UK.

Second, the Code would apply to providers of online services (e.g., websites, apps, games, connected products, etc.) that children under 18 years old “are likely to use.”  This standard differs from the “directed to children” standard under the U.S. Children’s Online Privacy Protection Act (COPPA) in two significant ways.  One, the Code would apply far more broadly, covering any online service with an element or feature that is likely to appeal to and be accessed by a child.  And, two, under the Code, “children” includes all users under 18 years old; whereas COPPA’s protections are limited to users under 13 years old.  As a practical matter, this means the Code would impact far more online services than those covered by COPPA.

Indeed, unless proven otherwise, the presumption would be that the Code would apply.  If a provider believes only adults are likely to use its online service, the burden would be on the provider to “point to specific documented evidence to demonstrate that children are not likely to access the service in practice.”  Evidence may include, for example, market research or specific measures taken to limit access by children.  This burden is further heightened by the ICO’s guidance on age screening mechanisms, which it states must be “robust and effective.”  The provider would be required to demonstrate that children cannot easily circumvent the mechanism put in place.  In other words, most age “gates” currently used by online service providers would not suffice.

For an effective age screening mechanism, we recommend providers consider Veratad Solutions, which provides a range of identity and age verification solutions.  Members of the Privacy Certified program benefit from our exclusive partnership with Veratad, which includes discounted rates.

The post The ICO’s Age Appropriate Design Code: What is it? appeared first on ESRB Ratings.

1. Gaming encourages persistence

It’s important to first understand why children love video games. Young gamers often cite the sense of freedom and self-dedication as key draws for them to play. It might be hard to see through their twitching fingers, but games allow kids to set goals, tackle challenges, solve problems and take risks. This teaches children how to fail, try again and overcome obstacles without the fear they may feel in real life.

Many parents are simply unaware of the variety of potential benefits their child may gain from playing games.

2. Gaming increases physical activity

Many gamers are also inspired by their favorite games to become more active in their every-day lives, not less. A Harvard study found that kids who played sports games were frequently motivated to take up athletics in real life! Some children are even motivated to develop more competitive techniques for activities in which they were already interested. As Pokémon GO proved, a free mobile game can kick off a population-wide increase in physical activity as fans of all ages search for illusive Pokémon.

3. Gaming helps with socialization

Games can also encourage positive social behavior. Being a popular activity among your kids’ friends, games are a common conversation topic in the real world that can nurture and strengthen a budding friendship. Whether talking strategies at recess or executing them together, kids can also develop their teamwork, collaboration and leadership skills while enjoying friendly competition with their pals… or even parents.

Understanding the benefits of playing games in responsible doses should ease many parents’ concerns. That said, it’s probably not a good idea for your child to sit in front of a game console for hours on end assuming it will get them into an Ivy League university. Parents should not only monitor playtime — balancing it with school responsibilities, physical activity and social obligations — but carefully consider whether the games they’re playing are age-appropriate.

Bottom line, enjoying the right games under the right circumstances can be fun, while also being good for you and your family.

The post 3 Benefits of Video Games that Every Parent Should Know appeared first on ESRB Ratings.