Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CARU orders app company to correct violations of children’s privacy rules

    Privacy, Cyber Risk & Data Security

    On September 7, the Children’s Advertising Review Unit (CARU) announced that the owner of a cartoon-themed app company has agreed to correct alleged violations of the Children’s Online Privacy Protection Act (COPPA) and CARU’s Self-Regulatory Guidelines for Advertising and for Children’s Online Privacy Protection. CARU found that the company served multiple automated ads that could not be stopped—which included interactive features that mimicked the app's gameplay—until users downloaded the advertised app or watched the entire ad. CARU found that these “ads unduly interfered with gameplay, encouraged excessive ad viewing by children through deceptive door openers and other manipulative design techniques, required children to download and install unnecessary apps, and often provided unclear and inconspicuous methods for children to exit the ad and return to the game.” CARU further noted that while its Advertising Guidelines do not require in-app ads to provide an exit method, “they specify that where one is offered it must be clear and conspicuous.” CARU also said that the app “failed to use simple, clear, and conspicuous language to let children know when they were selecting a button that would force them to watch or engage with an ad, and instead used small disclosures in tiny, inconspicuous text.” The company also displayed some ads that were unsafe and inappropriate for children in violation of CARU's Advertising Guidelines. 

    CARU noted that the company did take proactive steps to address each of CARU's concerns regarding its advertising and privacy practices. Specifically, the company will, among other things, “[u]pdate its age screening mechanism to allow users to freely enter the month and year of their birth and, use technical measures to prevent a child from entering a different age once they initially submit their age,” and “[u]pdate its privacy policy to align with COPPA and better reflect its data practices as a mixed-audience site.” In particular, the app company has already voluntarily updated its age screen to direct users to two different versions of the app, with one directed towards users under age 13 and a separate version for those age 13 and up.

    Privacy, Cyber Risk & Data Security Enforcement COPPA CARU

  • CARU orders app company to correct violations of children’s privacy rules

    Privacy, Cyber Risk & Data Security

    On March 8, the Children’s Advertising Review Unit (CARU) announced that a smart watch phone operator has agreed to take actions to correct alleged violations of the Children’s Online Privacy Protection Act (COPPA) and CARU’s Self-Regulatory Guidelines for Children’s Online Privacy Protection. According to the press release, CARU is the nation’s first FTC-approved COPPA Safe Harbor Program and is tasked with monitoring online services for compliance with COPPA and CARU’s privacy guidelines to make sure the collection of children’s data is handled responsibly. CARU examined the company’s data handling and sharing practices and found that the company, among other things, “failed to provide clear and complete, and non-confusing, notice of its children’s information collection practices in its privacy policy and failed to provide any notice that would constitute a direct notice to parents as required by COPPA.” The company also failed to offer a method for parents to provide verifiable consent to its data gathering practices prior to its collection of information from children, CARU stated, adding that the company’s privacy policy, terms of service, and other online disclosures also included “inconsistent, confusing and/or contradictory statements about its collection, use, or disclosure of children's personal information.”

    CARU noted that the company submitted a “detailed plan” outlining measures to remedy the concerns and agreed to correct the violations in order to comply with CARU’s privacy guidelines and COPPA. The company will also update its privacy policy to include information on how parents can prohibit the use of their child’s data or have it deleted and will obtain verifiable parental consent prior to completing the registration process. CARU also recommended that the company revise its website and app to provide parents with “direct notice of what personal information the operator can collect from children through their use of the service, both passively and actively, and how such personal information can be used and disclosed, together with a clear and prominent link to its privacy policy.”

    Privacy/Cyber Risk & Data Security Enforcement COPPA CARU FTC

Upcoming Events