Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

CARU orders app company to correct violations of children’s privacy rules

Privacy, Cyber Risk & Data Security Enforcement COPPA CARU

Privacy, Cyber Risk & Data Security

On September 7, the Children’s Advertising Review Unit (CARU) announced that the owner of a cartoon-themed app company has agreed to correct alleged violations of the Children’s Online Privacy Protection Act (COPPA) and CARU’s Self-Regulatory Guidelines for Advertising and for Children’s Online Privacy Protection. CARU found that the company served multiple automated ads that could not be stopped—which included interactive features that mimicked the app's gameplay—until users downloaded the advertised app or watched the entire ad. CARU found that these “ads unduly interfered with gameplay, encouraged excessive ad viewing by children through deceptive door openers and other manipulative design techniques, required children to download and install unnecessary apps, and often provided unclear and inconspicuous methods for children to exit the ad and return to the game.” CARU further noted that while its Advertising Guidelines do not require in-app ads to provide an exit method, “they specify that where one is offered it must be clear and conspicuous.” CARU also said that the app “failed to use simple, clear, and conspicuous language to let children know when they were selecting a button that would force them to watch or engage with an ad, and instead used small disclosures in tiny, inconspicuous text.” The company also displayed some ads that were unsafe and inappropriate for children in violation of CARU's Advertising Guidelines. 

CARU noted that the company did take proactive steps to address each of CARU's concerns regarding its advertising and privacy practices. Specifically, the company will, among other things, “[u]pdate its age screening mechanism to allow users to freely enter the month and year of their birth and, use technical measures to prevent a child from entering a different age once they initially submit their age,” and “[u]pdate its privacy policy to align with COPPA and better reflect its data practices as a mixed-audience site.” In particular, the app company has already voluntarily updated its age screen to direct users to two different versions of the app, with one directed towards users under age 13 and a separate version for those age 13 and up.