September 23, 2019

September 20, 2019

Subscribe to Latest Legal News and Analysis

FTC Settles with Online Talent Search Site over COPPA Violations

Earlier this week, the US Federal Trade Commission (FTC) settled a complaint against the operator of an online talent search company, asserting that the talent search company’s collection and disclosure of children’s personal information violated the Children’s Online Privacy Protection Act (COPPA) by failing to obtain parental consent, failing to provide adequate notices, and failing to implement the appropriate restrictions in compliance with COPPA. Under the terms of the settlement, the company agreed to pay $235,000.

The FTC’s complaint asserted that the company collected the information of more than 100,000 children under age 13, but failed to disclose to parents or the public how that data was collected, used, or disclosed. Though the website privacy policy stated that the company would not knowingly collect personal information from children under 13, according to the FTC’s complaint, the company imposed no restrictions on users who indicated they were under the age of 13 and did not take steps to verify whether legal guardians were creating the children’s accounts. According to the complaint, much of the information collected was available on publicly visible user profiles.

Managing COPPA Compliance

As we have described in a previously on the current COPPA rules  entities covered by COPPA must adhere to several requirements, including the following:

  • Posting a clear and comprehensive privacy policy

  • Providing direct notice to parents and obtaining verifiable parental consent before collecting personal information from children, with limited exceptions

  • Providing parents access to their children’s personal information, as well as the right to request deletion and/or opt out of further collection or use of such information

  • Limiting the disclosure of children’s information, and taking reasonable steps to release such information only to third parties capable of maintaining its confidentiality and security

  • Retaining children’s personal information only as long as necessary to fulfill the purpose for which it was collected

The recent settlement with the FTC makes it clear that it is not enough to simply post a privacy policy and state that your service does not collect personal information of children under age 13—to comply with COPPA and avoid the risk of enforcement action by the FTC, websites and online services must take meaningful policy and procedural steps to ensure compliance. Among other resources, the FTC has provided a six-step compliance plan to assist organizations as they evaluate whether they are subject to COPPA and how they can approach adopting a compliant privacy policy and adequate procedures.

Copyright © 2019 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Emily Lowe, Corporate finance Attorney, Morgan Lewis
Of Counsel

Emily R. Lowe represents clients in commercial transactions, with a focus on the acquisition, use, protection, development, and commercialization of technology and biotechnology. Emily helps domestic and international companies commercialize their products through various commercial vehicles, including manufacturing and supply agreements and distribution strategies, and development and licensing agreements.

412.560.7438
Glen Rectenwald, Morgan Lewis, Technology Attorney
Associate

Glen W. Rectenwald focuses his practice on technology, outsourcing, and commercial transactions. He regularly assists a broad range of clients with development, licensing, and distribution agreements; strategic alliances and joint ventures; manufacturing and supply agreements; complex outsourcing and strategic commercial transactions; and general commercial matters. Glen’s experience also includes mergers and acquisitions, private equity, venture capital, and general corporate matters.

412-560-7413