App Developers Should Note Revisions to COPPA FAQs


App Developers Should Note Revisions to COPPA FAQs

The FTC’s July 10, 2014 complaint filed against Amazon has left app developers with concerns about how to make apps that target kids and still comply with the law. The complaint, brought under Section 5(a) of the FTC Act, alleged that Amazon failed to obtain parents’ or account holders’ informed consent to in-app charges incurred by children. While the complaint was not brought under the Children’s Online Privacy Protection Act (COPPA), the increased scrutiny on child-targeted apps should have all app developers making sure they understand what COPPA requires when it comes to getting parental consent.

Generally, COPPA requires “operators” of online services (including mobile apps) to get “verifiable parental consent” before collecting personal information from a child. This week, the FTC updated its COPPA FAQs page with three new or revised entries elaborating how verifiable parental consent works in the context of mobile apps. Importantly, new FAQ H.10 makes clear that collecting a parent’s app store password – i.e., the password linked to a parent’s account on the iTunes App Store, the Amazon App Store, or the Google Play Store – does not, by itself, qualify as notice to and consent from a parent as COPPA requires. The consent mechanism “must be reasonably calculated, in light of the technology available, to ensure that the person providing consent is the child’s parent.” The FAQ suggests that password entry in combination with such measures as authentication questions may provide sufficient assurance that the person entering the password is the child’s parent.

Importantly, provision of credit card information alone is not verifiable consent. Credit card information is considered verifiable consent if the card is used in connection with a monetary transaction, but not necessarily without one. Revised FAQ H.5 suggests that provision of credit card information without a transaction may be part of verifiable consent when used in combination with such measures as security questions.

The newly added FAQ H.16 reiterates that COPPA does not apply to app stores, “when such stores merely offer the public access to someone else’s child-directed content.” Children’s Online Privacy Protection Rule, 78 Fed. Reg. 3972, 3976 (January 17, 2013). App store owners are generally not “operators” to which COPPA applies. H.16 does, however, caution app store owners to “evaluate [their] potential liability under Section 5 of the FTC Act.” In light of the Amazon complaint, that is sage counsel.

 

You may also like...

1 Response

  1. disqus_UxVlbPXzBJ says:

    I continue to be amazed and stunned by the amount of development, often of enormous highrises, right next to the water’s edge. This despite the overwhelming evidence that climate change will swamp these sites in the coming decades, as the seas rise and reclaim the shoreline. nnEventually, some time in the future (but as each new revelation of how much warmer things will get, how much faster this will happen) we’re going to lose almost all of NYC, and so much else.nnHere’s the map showing what’s left when the seas rise 100 feet:

Leave a Reply

Your email address will not be published. Required fields are marked *