Ask a parent about their biggest concern when it comes to having their young children log too much screen time on tablets or smart phones, and you’re likely to hear answers ranging from poor academic performance to simply not getting outside more to blow off steam.

But a more pressing concern regarding children and connected technology has come to the forefront with the Federal Trade Commission’s (FTC) tandem settlements with companies alleged to have violated the Children’s Online Privacy Protection Act (COPPA). And that concern is the privacy of our children.

Specifically, the FTC took action against VTech Electronics Limited (VTech), the provider of digital learning games and the operator of the “Kid Connect” app for children, as well as Prime Sites, Inc., operating as Explore Talent (Explore), an online talent search network for aspiring actors and models. My colleagues Allison Fitzpatrick, Samantha G. Rothaus and Vivian W. Byrwa detailed these settlements, and their significance, in “Developments in Connected Technology Create New COPPA Challenges,” which was published in Trends in Marketing Communications Law, Davis & Gilbert’s annual publication surveying laws impacting marketing and advertising.

The VTech settlement was a landmark event, marking the FTC’s first-ever COPPA case involving connected toys. In 2015, VTech discovered that a hacker had breached its network and accessed children’s personal information, such as addresses, which was linked to their parent’s registration data. This led the FTC to allege that the company’s collection of such personal information from children without explicit parental notice and consent signified a breach of COPPA, culminating in the settlement. Not long after, another domino fell, as the FTC announced its settlement with Prime Sites, Inc., alleging that the company violated COPPA by failing to prominently display its privacy policy or obtain verifiable parental consent prior to collecting, using or disclosing children’s personal information — among other allegations.

The companies behind connected children’s devices need to be wise to more than the FTC’s enforcement of COPPA. That’s because there are several other entities scrutinizing how children interact with the world through connected devices. This includes consumers, who launched a class action suit against Disney and Viacom last year, alleging child-directed mobile apps and games violated children’s privacy rights. Additionally, in 2017, the FBI joined the fray, issuing a public service announcement warning about the cybersecurity risks of smart toys — specifically noting the sensors, mics, cameras, GPS and data storage functions that can put children’s privacy and safety at risk.

The focus on children’s privacy has moved beyond just the devices they use and onto the services they access from tablets, smart phones and more. In September, a bi-partisan team of congressmen sent a letter to Google seeking answers regarding how YouTube, a Google subsidiary, goes about collecting user data from children. New Mexico Attorney General Hector Balderas went a step further, filing a lawsuit against Google, Twitter and other companies alleging unlawful tracking of young users without parent consent. Just recently, Oath, Inc., formerly known as AOL Inc., agreed to pay $4.95 million to settle allegations brought by the New York Attorney General’s Office claiming that AOL violated COPPA by collecting personal information from children for targeted advertisements. This was the largest penalty ever in a COPPA enforcement matter.

The Way I See It

  • Companies can no longer wing it when it comes to ensuring our children’s digital privacy. For starters, and to fully comply with COPPA, operators’ privacy policies should be prominently displayed, meaningfully disclose information collection and usage practices, and adequately notify parents about information collected from children.
  • While young kids don’t have financial information that could be exposed, data such as addresses, and details potentially gathered through geo-location functionality is even more important to protect. Connected toys, apps and games should incorporate data security technologies to protect children’s personal information from hackers and data breaches.
  • This is more than an FTC issue. Entities ranging from prosecutors and consumer class action plaintiffs to lawmakers and the FBI are raising awareness to the issue while bringing their own COPPA enforcement actions.