Beginning January 1, 2016, the recently-enacted “Delaware Online Privacy and Protection Act”1 (DOPPA) will take effect and will impact all companies with online services used by Delaware residents. DOPPA consists of three separate online privacy laws: (1) a law prohibiting certain types of online marketing or advertising to minors;2 (2) a law requiring commercial websites and online services to post privacy policies;3 and (3) a law restricting government access to user records kept by online book service providers.4 The laws are substantively similar to online privacy laws already in effect in other states, and are particularly similar to laws in effect in California. The Consumer Protection Unit of the Delaware Department of Justice can enforce DOPPA’s three laws under the same provisions that it enforces other state consumer protection laws.5 DOPPA does not create a private right of action for any of the three laws.6
Continue Reading Delaware Enacts New Online Privacy Laws
COPPA Looms Large for Mobile Apps
The Children’s Online Privacy Protection Act (COPPA) prohibits companies from collecting personal information from children under the age of 13 without first providing notice to parents and obtaining their verifiable consent. The Federal Trade Commission’s (FTC) recent settlements with Yelp and TinyCo serve as a reminder to mobile app developers that the failure to consider COPPA when developing and testing mobile apps can have serious consequences.
Continue Reading COPPA Looms Large for Mobile Apps
California Enacts Landmark Student Privacy Laws
In keeping with its position as the nation’s leader on privacy issues, the state of California recently enacted significant new laws on student privacy and education data. The Student Online Personal Information Protection Act (SOPIPA) sets forth a variety of restrictions on how operators of online services offered in schools can use and disclose student information, and requires operators to implement reasonable security measures to protect student data. A separate law (A.B. 1584) sets forth privacy requirements for providers of digital storage services and educational software used in schools. A final law (A.B. 1442) establishes privacy requirements for companies that collect students’ social media information on behalf of schools. The laws were signed by Governor Jerry Brown on September 29, 2014.
Continue Reading California Enacts Landmark Student Privacy Laws
FCC Clarifies That Consent May Be Provided by Intermediary for Informational Text Messages
On March 27, 2014, the Federal Communications Commission (FCC) addressed an outstanding petition1 seeking guidance for compliance with the “prior express consent” requirement of the Telephone Consumer Protection Act (TCPA) for informational text messages.2 In a declaratory ruling, the FCC provided clarification of this requirement, and specifically addressed whether an intermediary may provide such consent. The FCC agreed with group texting service GroupMe, Inc. that, consistent with the TCPA, intermediaries may convey consent provided by others to receive informational text messages.3 However, the FCC made clear that companies ultimately remain liable where intermediaries fail to obtain the required consent. The ruling demonstrates a current trend at the FCC to allow businesses communicating with consumers by text message some flexibility while navigating the TCPA’s increasingly complex requirements.
Continue Reading FCC Clarifies That Consent May Be Provided by Intermediary for Informational Text Messages
Apple Agrees to Refund at Least $32.5 Million to Settle FTC Complaint Alleging That It Charged Kids’ In-App Purchases Without Parental Consent
On January 15, 2014, the Federal Trade Commission (FTC) announced that Apple, Inc. had agreed to pay a minimum of $32.5 million in full refunds to consumers to settle allegations that the company was billing customers for purchases that children made from the company’s App Store without parental consent.1 According to the FTC, since at least 2011, thousands of children had unwittingly racked up significant App Store charges without their parents’ knowledge because the company’s billing procedures allowed users to incur unlimited in-app charges for a 15-minute window after downloading new software onto a device.2
Continue Reading Apple Agrees to Refund at Least $32.5 Million to Settle FTC Complaint Alleging That It Charged Kids’ In-App Purchases Without Parental Consent
FTC Settlement with Flashlight App Requires Extensive Disclosures Outside of the Privacy Policy to Collect and Share Geolocation Information
The Federal Trade Commission (FTC) announced on December 5, 2013, that Goldenshores Technologies, LLC and its managing member, Erik M. Geidl, agreed to a proposed settlement over claims that Goldenshores, through its “Brightest Flashlight Free” mobile application, violated Section 5(a) of the FTC Act prohibiting unfair or deceptive acts and practices affecting commerce by failing to disclose that the app transmitted user data, including precise geolocation information and persistent identifiers, to third parties such as advertising networks. Under the settlement, Goldenshores must provide just-in-time disclosures outside of the privacy policy and obtain affirmative express consent from users before collecting, using, or disclosing geolocation information. The settlement agreement (referred to here as “the order”) was subject to public comment through January 6, 2014. The FTC will now decide whether to reach a final settlement with Goldenshores.
Continue Reading FTC Settlement with Flashlight App Requires Extensive Disclosures Outside of the Privacy Policy to Collect and Share Geolocation Information