COPPA
Latest
FTC loosens guidelines to let kids use voice commands
The Children's Online Privacy Protection Act bars companies from collecting audio recordings from kids under 13 without their parents' permission. However, that raises concerns about voice assistants like Amazon's Alexa, Apple's Siri or Google Assistant: is it legal for under-13s to use voice commands, given that there's rarely (if ever) a permanent recording to put them at risk? According to the Federal Trade Commision, the answer is yes... within limits. The agency has stated that it won't pursue enforcement action against companies simply because they let kids issue voice commands. So long as the firms only hold on to recordings for a brief moment and use them solely for voice commands, they'll usually be in the clear.
Lawsuit claims Disney illegally collected data in kids apps
The Walt Disney Company is being sued because a number of its apps geared towards children have allegedly been collecting personal information that the company has been sharing with advertisers. The class action suit, brought forth by a California woman, claims that Disney and three software companies involved in the development of 42 youth-aimed apps have used software to track the apps' users online activity, which was subsequently sold to advertisers without consent of the parents.
US senator wants to make sure the FTC takes smart toys seriously
It's not just parents that are worrying about the security of connected toys. Senator Mark Warner has sent a letter to the Federal Trade Commission grilling it about efforts to protect kids' privacy when they use smart toys like the CloudPets you see above. He's particularly worried that FTC Acting Chairwoman Maureen Ohlhausen is shrugging off concerns about how companies handle kids' data. In recent statements, she argued that the FTC should focus on "objective, concrete harms," such as financial damage or health risks -- toy data leaks might not fit under that bill.
Internet-connected toys accused of spying on kids
Smart toys can certainly inject some life into playtime, but they raise big privacy concerns when an internet connection is involved... and if you believe some critics, at least a few toys have crossed the line. Over 18 privacy groups are filing complaints with both the US' Federal Trade Commission and the European Union alleging that Genesis Toys and its tech partner Nuance are violating deceptive practices and privacy laws (including COPPA) through the way certain toys record kids' voices. Reportedly, i-Que and My Friend Cayla not only capture kids' voices without adequate notice or permission, but send it to Nuance with few safeguards over how that information is handled. It could be used in databases that Nuance sells to police and intelligence agencies, the groups say.
Websites settle with New York over online child tracking
Some of the biggest child-oriented websites are learning a hard lesson about the importance of respecting kids' privacy. New York state has reached settlements with Hasbro, JumpStart Games, Mattel and Viacom for violating the Children's Online Privacy Protection Act by collecting personal information from kids under 13. They'll all have to reform their sites (such as those for Hot Wheels, Neopets and Nickelodeon) to honor COPPA's safeguards and screen third-party trackers. JumpStart, Mattel and Viacom will also have to pay a collective $835,000 in penalties and provide regular reports on their scan results. Hasbro is dodging those bullets only because it's part of an FTC-sanctioned safe harbor program.
Google confirms that it's designing kid-friendly versions of its services
Those murmurs that Google was retooling its services for kids? Yep, they're real. The search giant tells USA Today that it's creating versions of its products for the 12-and-under crowd, with plans to start launching them in 2015. The company isn't saying just what content will get the child-friendly treatment, but it's most likely to involve things with a broad appeal, such as YouTube. There are hints that it might also prioritize search results for things kids expect. A search for "trains," for example, may put more emphasis on Thomas the Tank Engine than mass transit.
Turns out TRUSTe isn't so trustworthy, settles FTC complaint
Spend enough time on the web and you're bound to come across TRUSTe's logo. It signifies that the site you're on -- like eBay, Yelp and Etsy -- self-certified with TRUSTe's set of membership requirements like the Children's Online Privacy Protection Act (COPPA), the EU-US Safe Harbor Framework and generally has an eye toward keeping any of your sensitive info safe. Except the outfit's seal might not mean too much anymore. Why? Because it's settling with the Federal Trade Commission on a claim that from 2006 to 2013 the company failed to hold websites accountable for keeping consumers' private info safe. The FTC says that in that span of time, there were some 1,000 "incidences" where companies weren't forced to re-certify on an annual basis despite TRUSTe's site claiming otherwise. Right about now you're probably wondering how much these infractions will cost the firm. Well, if you guessed $200,000 you'd be right on the money.
Yelp settles with the FTC over claims it collected personal info from kids
The FTC is eager to crack down on any perceived online privacy violations, especially when they involve children -- and we just got a good demonstration of that eagerness today. Both Yelp and mobile app developer TinyCo have settled with the FTC over allegations that they knowingly scooped up kids' personal information without permission. Yelp is paying a $450,000 penalty because it didn't have an effective age screen in its apps, letting those under 13 sign up by themselves. TinyCo, meanwhile, is shelling out $300,000 after some of its kid-oriented games asked for email addresses in return for in-game currency. These aren't the biggest settlements we've seen by any stretch, but they'll hopefully serve as warning to any app creator that wants to collect your little ones' data.
Google's getting ready to open its web services to kids
13 is a big year in a young one's life: you've officially tip-toed into adolescence, your body starts to go a little batty and you can finally sign up for a Google account. According to a new report from The Information, though, Google is gearing up to unleash its services on an even younger audience, and it's dealing with stringent legal requirements so it can start courting kids. Among the bits Google reportedly has in the works are a child-friendly version of YouTube (hard as that can be to imagine) and an online dashboard that allows parents to keep tabs on their kids goings-on as they flit around online.
Path settles with the FTC over contact privacy violations
Path was quick to mend its ways after a dust-up over collecting contact information from iOS users without their consent, but it wasn't quick enough to avoid FTC claims of violating the Children's Online Privacy Protection Act. All that is just water under the bridge in the wake of a new settlement. As compensation for collecting contact information from 3,000 children without their parents' permission, Path has agreed to both pay a $800,000 fee and implement a privacy plan that will require audits from an outside party every other year. Consider it a lesson learned for Path and other mobile app firms, which now know that scraping personal data may have unintended consequences.
Path reaches a settlement with the FTC over COPPA violations
Path is paying handsomely for allowing minors under the age of 13 years old to sign up for its service. According to a statement released Friday, Path has settled with the FTC over an alleged violation of the Children's Online Privacy Protections Act (COPPA) involving 3,000 underage accounts. The social network has agreed to pay an US$8,000 fine. It will also establish a privacy program and submit to regular privacy assessments for the next 20 years. This COPPA violation was discovered as part of a bigger investigation following the revelation that Path uploaded iPhone contact information to the service's database without permission. [Via GigaOM]
FTC introduces changes to Children's Online Privacy Protection Act, parental permission now required to collect information
The Children's Online Privacy Protection Act (or COPPA) was first introduced back in 1998, but you don't have to look very far to realize the internet has changed quite a bit since then. Today, the FTC is attempting to address some of those changes by introducing the first major revision to the act. Among the biggest changes is that operators of websites or online services will now have to seek permission directly from parents in order to collect information from anyone under the age of 13 when they have "actual knowledge that they are collecting personal information through a child-directed website or online service." In another change related to that, the FTC has also clarified that "personal information" now includes geolocation data in addition to photos and videos, and it says it has closed a loophole that allowed apps and websites to collection information through plug-ins. The agency will not, however, hold companies like Apple and Google liable for apps from other companies which attempt to collection information from children, and it will permit "contextual advertising" to children without the need for parental consent. You can find the FTC's full announcement of the changes after the break.
FTC requires iOS developers to pay $50K fine for collecting user data
App developers writing applications that target children have to be very careful when they collect and store information about their users. They may find themselves the subject of an FTC investigation. The Children's Online Privacy Protection Act (COPPA) requires websites and other online entities to obtain parental consent when collecting data on children under the age of 13. The procedure to gain this consent can be cumbersome which is why many websites don't allow children under the age 13 to join. The COPPA Act also applies to mobile applications as W3 Innovations recently found out. W3 Innovations is the parent company of Broken Thumbs Apps which is responsible for apps such as Zombie Duck Hunt and Emily's Dress Up. These apps are designed for children and apparently collected information about their young users. According to Ars Technica, the developers compiled over 30,000 email addresses and personal information such as user names from 600 people, many of whom were likely under the age of 13. Parents were unaware this information was being collected and used for marketing purposes. The FTC stepped in and slapped W3 Innovations with a lawsuit last Friday, August 12th. Rather than fight the charges, the company decided to pay the US$50,000 fine.
ESRB issues apology over email leak
Yesterday, we learned that the ESRB (Entertainment Software Rating Board) accidentally emailed the names of people who had complained about Blizzard's potential use of Real ID names on the official Blizzard forums. The ESRB has since sent out this apology: Yesterday we sent an e-mail to a number of consumers who wrote to us in recent days expressing their concern with respect to Blizzard's Real ID program. Given the large number of messages we received, we decided to respond with a mass e-mail so those who'd written us would receive our response as quickly as possible - rather than responding to each message individually, as is our usual practice. Through an unfortunate error by one of our employees, some recipients were able to see the e-mail addresses of others who wrote on the same issue. Needless to say, it was never our intention to reveal this information and for that we are genuinely sorry. Those who write to ESRB to express their views expect and deserve to have their contact and personal information protected. In this case, we failed to do so and are doing everything we can to ensure it will not happen again in the future. The fact that our message addressed individuals' concerns with respect to their privacy underscores how truly disappointing a mistake this was on our part. We work with companies to ensure they are handling people's private information with confidentiality, care and respect. It is only right that we set a good example and do no less ourselves. We sincerely apologize to those who were affected by this error and appreciate their understanding. Sincerely, Entertainment Software Rating Board I am glad that the ESRB apologized, and it is telling that they have also acknowledged how ridiculous the mistake was in light of the subject matter. Suffice it to say, good on the ESRB for not only apologizing but understanding the issues present over online privacy. Hopefully this whole debacle can be used as a teaching moment.
ESRB unintentionally exposes email addresses of people who filed complaints over Blizzard's Real ID system [Updated]
digg_url = 'http://digg.com/gaming_news/ESRB_exposes_emails_of_gamers_who_filed_privacy_complaints'; Update: The ESRB has since issued an apology. During the recent Real ID catastrophe on the forums, many players decided to appeal to an industry source that might have been able to sway Blizzard to change its mind. These players contacted the ESRB (Entertainment Software Rating Board) as a Better Business Bureau-type middleman in this situation with their concerns. The ESRB itself has championed such causes in the past with its Privacy Online program, which is designed to help companies meet various privacy laws like the Children's Online Privacy Protection Act (COPPA). Since Blizzard recanted its decision about the forums, the ESRB faithfully followed up with those concerned. Unfortunately, in that followup email, the ESRB exposed individuals to a new set of privacy concerns. The letter and more information after the break.
Netbook-based robot takes popcorn orders via-Twitter
In the far-out, sci-fi future of 2009, robots are doing some pretty amazing things, like capturing prowlers, assembling communications networks, and playing Rock / Paper / Scissors. Now, with a little help from RoBe:Do and Twitter, robotics has achieved what may be its crowning achievement: couch-side popcorn delivery. Coppa is a $1,649 software-ready robot (you supply the machine's netbook brain) that arrives with native support for a plethora of languages and tools (including C / C++ / C#, Flash AS3, Java,Microsoft Robotics Studio, .NET, and Visual Basic), and ships with a 12V rechargeable battery, autofocus webcam, and a sonar system. Optional accessories include motion, heat, and humidity sensors, and servo-driven grabbing actuators. The video below shows one such unit that's been programmed to take popcorn orders via-Twitter, timed to deliver the goods when the operator arrives home from work. Couch surfing may never be the same. [Via SlashGear]
