Archives: Children’s Privacy

Subscribe to Children’s Privacy RSS Feed

Privacy Tip #242 – Protecting Children’s Privacy

The Children’s Online Privacy Protection Act (COPPA) has been on the books for years and is enforced by the Federal Trade Commission (FTC). COPPA basically prohibits companies from collecting personal information from children under the age of 13 without parental consent. The FTC has an impressive record of enforcement actions under COPPA and compliance with … Continue Reading

Privacy Tip #237 – Nintendo Users: Change Your Password and Enable MFA

Nintendo has shut down some NNID logins and has told Switch owners to lock down their accounts following a series of fraudulent attacks. Nintendo has confirmed that it suffered an attack by hackers who accessed some accounts and are using PayPal accounts linked to the accounts to purchase items fraudulently. According to Nintendo, approximately 160,000 … Continue Reading

Privacy Tip #234 – Children’s Privacy During the Pandemic

Kids are at home all day now, remote learning and surfing the web more than ever before. Parents are working from home too, and understandably are not always able to monitor and supervise their children’s computer use as much as they should or would like to. Scammers, fraudsters and evil doers know this and are … Continue Reading

Protecting the Privacy of Children Online – More Updates on COPPA

Last week, two Senators, Senator Edward J. Markey of Massachusetts and Senator Richard Blumenthal of Connecticut sent a letter to the Federal Trade Commission (FTC) regarding apps designed for children and whether they are in compliance with the Children’s Online Privacy Protection Act (COPPA), See 15 U.S.C. 6501 and regulations at 16 C.F.R. Part 312 … Continue Reading

FTC Approves Modifications to TRUSTe’s COPPA Safe Harbor Program

The Federal Trade Commission (FTC) approved TRUSTe’s proposed modifications to their Children’s Online Privacy Protection Act (COPPA) safe harbor program this week. COPPA requires, among other things, that commercial website and mobile app operators that knowingly collect personal information from children under age 13 post comprehensive privacy policies on their websites and in their mobile … Continue Reading

FBI Issues Warning about Internet-Connected Toys

We previously reported about the microphone and video capabilities of Echo technology [view related post]. The FBI is also concerned about this technology being used in toys that are connected to the Internet. The FBI is so concerned that yesterday, it issued a Public Service Announcement that warns consumers that Internet-connected toys “could present privacy … Continue Reading

FTC Issues Update on COPPA

Last week, the Federal Trade Commission (FTC) issued a six-step compliance plan to assist businesses with compliance with the Children’s Online Privacy Protection Act (COPPA). It provides clarity on who is covered by and must comply with COPPA and how companies can get parental consent. It also outlines a six-step compliance plan. New companies that … Continue Reading

TrustE Pays $100,000 with NYS for Failing to Protect Children’s Websites

On April 6, 2017, New York Attorney General Eric Schneiderman (AG) announced that he has settled an investigation against TrustE for alleged violations of failing to adequately prevent illegal tracking technology on children’s websites, including Hasbro.com and Roblox.com. TrustE has agreed to pay the State $100,000 in the settlement and adopt measures to strengthen its … Continue Reading

Data Breach Involving CloudPets “Smart” Toys Raises Internet-of-Things Security Concerns

On February 27, 2017, news reports disclosed a major security breach involving Spiral Toys, the seller of the CloudPets brand of internet-connected stuffed animals. The Bluetooth-connected CloudPets toys allow users to exchange voice messages between the toys and applications on smartphones or tablets. An investigation by cybersecurity researcher Troy Hunt revealed that customer data for … Continue Reading

Toys Not Immune from Scrutiny Over Privacy and Security Weaknesses

In the wake of the holiday season, it seems that even toys are not immune from privacy and security pitfalls. Two “connected” toys, Genesis Toys’ My Friend Cayla and i-Que robot, have been accused of violating U.S. and European privacy, security and advertising laws. The toys at issue provide children with an interactive experience via … Continue Reading

FTC Complaint Made Against Genesis Toys and Nuance Communications

On December 6, 2016, The Electronic Privacy Information Center, The Campaign for a Commercial Free Childhood, The Center for Digital Democracy and Consumers Union filed a Complaint and Request for Investigation, Injunction and Other Relief (Complaint) with the Federal Trade Commission (FTC) against Genesis Toys (Genesis) and Nuance Communications (Nuance) regarding alleged violations of the … Continue Reading

U.S. Department of Education Issues Guidance on Student Medical Records

On September 14, 2016, the Department of Education (DOE) issued a “Dear Colleague Letter” to provide guidance on the application of the Family Educational Rights and Privacy Act (FERPA) to the disclosure of student medical records in the context of litigation. FERPA generally prohibits a school from disclosing personally identifiable information from a student’s education … Continue Reading

DOJ and DOE issue guidance on privacy rights of transgender students

On May 13, 2016, the Department of Justice and the Department of Education issued a “Dear Colleague Letter” (DCL) describing reasonable steps to protect transgender students under Title IX of the Educational Amendments of 1972 (Title IX) as well as the Family Educational Rights and Privacy Act (FERPA). Title IX prohibits discrimination on the basis … Continue Reading

Are kids’ connected toys secure enough?

If the Hello Barbie complaints weren’t enough, now it has been announced that researchers determined that the kids’ toys, the Fisher-Price Smart Toy Bear and the hereO GPS watch, had some serious security vulnerabilities.  The Smart Toy Bear’s backend programming used unsecured application programming interfaces (APIs) to allow portions of software code to interact. Sounds … Continue Reading

More child identity theft, but more protections for children’s data

It seems that 2016 will mean MORE child identity theft. Why? Because with the increased amount of data collection from children and young adults at schools, health care facilities, retailers, and by advertising companies, hackers can gain access to centralized data systems with a plethora of high-value information from children.  However, perhaps 2016 is also … Continue Reading

Two mobile app developers collect persistent identifiers and pay out $360,000 in fines for COPPA violations

LAI Systems, LLC (LAI) and Retro Dreamer agreed to pay civil penalties of a combined $360,000 to settle charges issued by the Federal Trade Commission (FTC) that they violated the Children’s Online Privacy Protection Act (COPPA) by allowing advertising companies to use persistent identifiers, collected through their mobile apps, to elicit specific advertisements to children. … Continue Reading

FAA announces streamlined drone registration process

On Monday, December 14, the Federal Aviation Administration (FAA) announced a “user-friendly” online aircraft registration system for owners of drones (or more officially called “small unmanned aircrafts”) that weigh more than 0.55 pounds but less than 55 pounds. This registration is a statutory requirement that applies to all types of aircrafts. Anyone who has owned … Continue Reading

Mattel gets hit with class action over Hello Barbie’s invasion of children’s privacy

We reported last month ago about the release of Mattel’s new Hello Barbie (and the “Hell No Barbie Campaign”), with the capability to ‘carry a conversation’ with a child using speech recognition software and storage of conversations in the cloud. This week, in Los Angeles Superior Court, two moms filed a class action on behalf … Continue Reading

Facial recognition technology may be used as a method of verifiable parental consent

This week, the Federal Trade Commission (FTC) determined that companies covered by the Children’s Online Privacy Protection Act (COPPA) can use facial recognition technologies to match a parent’s photo on a government-issued identification to “selfies” that the parent submits via mobile phone or webcam as a method of verifiable parental consent, as required by COPPA. … Continue Reading

Parental consent by selfie?

As a general rule, the Children’s Online Privacy Protection Act (COPPA) requires operators of websites (including mobile apps) directed to children under the age of 13 to obtain verifiable parental consent before collecting personal information from those users. COPPA sets forth a non-exhaustive list of acceptable methods for obtaining parental consent. For example, operators can … Continue Reading
LexBlog