Archives: Children’s Privacy

Subscribe to Children’s Privacy RSS Feed

FTC Approves Modifications to TRUSTe’s COPPA Safe Harbor Program

The Federal Trade Commission (FTC) approved TRUSTe’s proposed modifications to their Children’s Online Privacy Protection Act (COPPA) safe harbor program this week. COPPA requires, among other things, that commercial website and mobile app operators that knowingly collect personal information from children under age 13 post comprehensive privacy policies on their websites and in their mobile … Continue Reading

FBI Issues Warning about Internet-Connected Toys

We previously reported about the microphone and video capabilities of Echo technology [view related post]. The FBI is also concerned about this technology being used in toys that are connected to the Internet. The FBI is so concerned that yesterday, it issued a Public Service Announcement that warns consumers that Internet-connected toys “could present privacy … Continue Reading

FTC Issues Update on COPPA

Last week, the Federal Trade Commission (FTC) issued a six-step compliance plan to assist businesses with compliance with the Children’s Online Privacy Protection Act (COPPA). It provides clarity on who is covered by and must comply with COPPA and how companies can get parental consent. It also outlines a six-step compliance plan. New companies that … Continue Reading

TrustE Pays $100,000 with NYS for Failing to Protect Children’s Websites

On April 6, 2017, New York Attorney General Eric Schneiderman (AG) announced that he has settled an investigation against TrustE for alleged violations of failing to adequately prevent illegal tracking technology on children’s websites, including Hasbro.com and Roblox.com. TrustE has agreed to pay the State $100,000 in the settlement and adopt measures to strengthen its … Continue Reading

Data Breach Involving CloudPets “Smart” Toys Raises Internet-of-Things Security Concerns

On February 27, 2017, news reports disclosed a major security breach involving Spiral Toys, the seller of the CloudPets brand of internet-connected stuffed animals. The Bluetooth-connected CloudPets toys allow users to exchange voice messages between the toys and applications on smartphones or tablets. An investigation by cybersecurity researcher Troy Hunt revealed that customer data for … Continue Reading

Toys Not Immune from Scrutiny Over Privacy and Security Weaknesses

In the wake of the holiday season, it seems that even toys are not immune from privacy and security pitfalls. Two “connected” toys, Genesis Toys’ My Friend Cayla and i-Que robot, have been accused of violating U.S. and European privacy, security and advertising laws. The toys at issue provide children with an interactive experience via … Continue Reading

FTC Complaint Made Against Genesis Toys and Nuance Communications

On December 6, 2016, The Electronic Privacy Information Center, The Campaign for a Commercial Free Childhood, The Center for Digital Democracy and Consumers Union filed a Complaint and Request for Investigation, Injunction and Other Relief (Complaint) with the Federal Trade Commission (FTC) against Genesis Toys (Genesis) and Nuance Communications (Nuance) regarding alleged violations of the … Continue Reading

U.S. Department of Education Issues Guidance on Student Medical Records

On September 14, 2016, the Department of Education (DOE) issued a “Dear Colleague Letter” to provide guidance on the application of the Family Educational Rights and Privacy Act (FERPA) to the disclosure of student medical records in the context of litigation. FERPA generally prohibits a school from disclosing personally identifiable information from a student’s education … Continue Reading

DOJ and DOE issue guidance on privacy rights of transgender students

On May 13, 2016, the Department of Justice and the Department of Education issued a “Dear Colleague Letter” (DCL) describing reasonable steps to protect transgender students under Title IX of the Educational Amendments of 1972 (Title IX) as well as the Family Educational Rights and Privacy Act (FERPA). Title IX prohibits discrimination on the basis … Continue Reading

Are kids’ connected toys secure enough?

If the Hello Barbie complaints weren’t enough, now it has been announced that researchers determined that the kids’ toys, the Fisher-Price Smart Toy Bear and the hereO GPS watch, had some serious security vulnerabilities.  The Smart Toy Bear’s backend programming used unsecured application programming interfaces (APIs) to allow portions of software code to interact. Sounds … Continue Reading

More child identity theft, but more protections for children’s data

It seems that 2016 will mean MORE child identity theft. Why? Because with the increased amount of data collection from children and young adults at schools, health care facilities, retailers, and by advertising companies, hackers can gain access to centralized data systems with a plethora of high-value information from children.  However, perhaps 2016 is also … Continue Reading

Two mobile app developers collect persistent identifiers and pay out $360,000 in fines for COPPA violations

LAI Systems, LLC (LAI) and Retro Dreamer agreed to pay civil penalties of a combined $360,000 to settle charges issued by the Federal Trade Commission (FTC) that they violated the Children’s Online Privacy Protection Act (COPPA) by allowing advertising companies to use persistent identifiers, collected through their mobile apps, to elicit specific advertisements to children. … Continue Reading

FAA announces streamlined drone registration process

On Monday, December 14, the Federal Aviation Administration (FAA) announced a “user-friendly” online aircraft registration system for owners of drones (or more officially called “small unmanned aircrafts”) that weigh more than 0.55 pounds but less than 55 pounds. This registration is a statutory requirement that applies to all types of aircrafts. Anyone who has owned … Continue Reading

Mattel gets hit with class action over Hello Barbie’s invasion of children’s privacy

We reported last month ago about the release of Mattel’s new Hello Barbie (and the “Hell No Barbie Campaign”), with the capability to ‘carry a conversation’ with a child using speech recognition software and storage of conversations in the cloud. This week, in Los Angeles Superior Court, two moms filed a class action on behalf … Continue Reading

Facial recognition technology may be used as a method of verifiable parental consent

This week, the Federal Trade Commission (FTC) determined that companies covered by the Children’s Online Privacy Protection Act (COPPA) can use facial recognition technologies to match a parent’s photo on a government-issued identification to “selfies” that the parent submits via mobile phone or webcam as a method of verifiable parental consent, as required by COPPA. … Continue Reading

Parental consent by selfie?

As a general rule, the Children’s Online Privacy Protection Act (COPPA) requires operators of websites (including mobile apps) directed to children under the age of 13 to obtain verifiable parental consent before collecting personal information from those users. COPPA sets forth a non-exhaustive list of acceptable methods for obtaining parental consent. For example, operators can … Continue Reading

“Hell No Barbie” Campaign against the new interactive doll with artificial intelligence

Well folks, it’s that time of year again, the time of year where the latest and greatest toys hit the shelves just in time for the Christmas shopping season. This year, one of the most controversial toys to hit the shelves will be Hello Barbie, which is an interactive doll with artificial intelligence capable of … Continue Reading

Privacy Tip #8 – How teachers can assist students to be safe online

It is scary to read the headlines that kids become victims of crimes, some of them horrific, because of online activity. Kids are naive and susceptible to online predators. Parents must be vigilant in educating their children about online activity and teachers can reinforce lessons learned at home to help kids stay safe. How can … Continue Reading
LexBlog