Children's Privacy

Subscribe to Children's Privacy

China’s PCPPIC protects children’s personal information in much the same way as COPPA and the GDPR, but with a few differences.

By Wei-Chun (Lex) Kuo, Weina (Grace) Gao, and Cheng-Ling Chen

On August 22, 2019, the Cyberspace Administration of China (CAC) released a new data privacy regulation related to children, the Provisions on Cyber Protection of Personal Information of Children (儿童个人信息网络保护规定)(PCPPIC). The regulation will come into effect on October 1, 2019, and will apply within the People’s Republic of China (PRC).The PCPPIC’s stated purpose is “protecting the security of children’s personal information and promoting the healthy growth of children in the PRC.” In 29 Articles, the PCPPIC sets forth high-level requirements for the collection, storage, use, transfer, and disclosure of the personal information of children within PRC territory.

The FTC and many state attorneys general aggressively monitor apps, websites, and internet-connected products for COPPA compliance.

By Jennifer C. Archie, Michael H. Rubin, and Alexander L. Stout

In the United States, collecting data directly from children under 13 years of age is tightly regulated by a federal statute, which is aggressively monitored and enforced. Under the Children’s Online Privacy Protection Act (COPPA), even seemingly straightforward online data collection and storage practices such as logging an IP address or storing an email address are subject to strict requirements, such as providing notice and obtaining advanced parental consent prior to collection or storage.

Under COPPA, obtaining proper consent can be technically or administratively burdensome, expectations shift with technological advancement, regulatory exceptions are vague, and penalties are calculated on a per-violation basis. COPPA is enforced by the Federal Trade Commission (FTC) and state attorneys general, both of which are very active in this area. Although the FTC maintains a website with answers to frequently asked questions, the law is complicated, and companies should consult with an attorney.

The State of California, long the most proactive U.S. state in enacting data privacy laws, has again modified its breach notification and data protection laws.  This week, Governor Jerry Brown signed two privacy bills into law:  SOPIPA (SB 1177), aimed at regulating the use of student data, and AB 1710, targeting data protection more broadly.  Taken together, these bills highlight the continuing compliance challenges facing American businesses which must conform not only to state-specific privacy standards, but also monitor

By Jennifer Archie, Kevin Boyle & Alex Stout

Yesterday, the Federal Trade Commission announced a settlement with Snapchat, the young mobile messaging company. The complaint alleges misrepresentations about functionality and related security as well as privacy violations, including misrepresenting the amount of data Snapchat collected from users and the use of location data for analytics purposes.  Notably, some of Snapchat’s troubles flow from unauthorized third party applications that exploited issues in its non-public API.

First, a bit about Snapchat.

By Drew Wisniewski & Jennifer Archie

Governor Jerry Brown signed California Assembly Bill 370 (“A.B. 370”), an amendment to the California Online Privacy Protection Act (“CalOPPA”), into law on Friday, September 27. As previously reported here, A.B. 370 requires an operator of a Web site or online service that collects “personally identifiable information” to disclose how it responds to “do not track” signals. Attorney General Kamala Harris applauded Brown for signing the bill, which she sponsored.   Harris said in

By Drew Wisniewski and Jennifer Archie

On September 3, 2013, California Assembly Bill 370 (“A.B. 370”), an amendment to the California Online Privacy Protection Act (“CalOPPA”), was enrolled and sent to Governor Jerry Brown for his signature.  A.B. 370, which was sponsored by Attorney General Kamala Harris, requires an operator of a Web site or online service that collects “personally identifiable information” to disclose how it responds to “do not track” signals.  Under the California Constitution, the Governor has 12

By Kevin Boyle and Aryeh Richmond

Here is a reminder that the Federal Trade Commission’s revisions to its Children’s Online Privacy Protection Rule become effective on July 1.  If you haven’t already, now is the time to make sure you have revisions to meet the rule in place as FTC and state attorney general inquiries and formal investigations are sure to follow the extensive public notices about the new rule as well as the need to comply on time. 

First

Spokeo Consent Decree Serves as Important Caution to Buyers and Sellers of Social Media Reports on Consumers to Understand and Comply with FCRA

By Jennifer Archie, Kevin Boyle and Kelsey McPherson

As part of a settlement announced Monday, the FTC sends a reminder that the requirements of the Fair Credit Reporting Act (“FCRA”) apply to a service that aggregates data made publicly available on social media sites and then markets the data to businesses for use in hiring decisions. Web

Thumbnail image for iStock_000005643842XSmall.jpgGoogle has consented to the entry of a proposed Agreement Containing Consent Order with the US Federal Trade Commission, subjecting the company to sweeping government oversight of its privacy disclosure and product development and release practices, nominally arising out of the roll-out of its Buzz product in February 2010. The auditing and reporting requirements are staggering in scope, breadth and duration, reaching Google’s entire business, not merely online communication products such as Gmail. One interpretation of the (rather amazing) document