April 13, 2017
Last week, the New York State Attorney General’s Office (“NYAG”) announced that San Francisco-based privacy technology company True Ultimate Standards Everywhere, Inc. (“TRUSTe”) has agreed to pay $100,000 in connection with TRUSTe’s children’s privacy safe harbor program.
How can Internet and mobile app marketers steer clear of children’s privacy violations?
TRUSTe’s Children’s Privacy Certification Program
For over a decade, TRUSTe has offered a Children’s Online Privacy Protection Act (“COPPA”) safe harbor certification program to operators of websites and mobile applications that target or collect personal information from children under the age of 13.
Regulators provide safe harbor to website and app operators who participate in TRUSTe’s program and comply with applicable program rules. As part of its certification program, TRUSTe is required to conduct an annual review of its customers’ policies, practices and representations for COPPA compliance purposes.
NYAG Investigation and Settlement
On August 6, the NYAG announced that TRUSTe had settled claims of alleged COPPA violations. In a statement, Attorney General Eric T. Schneiderman claimed that “TRUSTe failed to meet its obligations to keep children safe from the prying eyes of online trackers and its customers within the parameters of the law.”
Specifically, the NYAG alleges that TRUSTe failed to:
- adhere to its own COPPA compliance policies;
- provide its customers with relevant results from its electronic scans; and
- independently verify whether customers’ tracking technologies violated COPPA’s children’s privacy
The parties’ settlement agreement requires TRUSTe to pay a $100,000 penalty and adopt new measures to strengthen its privacy assessments. The announcement was made in connection with the NYAG’s “Operation Child Tracker” – an ongoing regulatory investigation of marketers and affiliate advertisers that employ non-compliant tracking practices on child-facing websites.
The Federal Trade Commission (“FTC”) and state attorneys general have been vigilant in protecting the privacy rights of consumers – especially children’s privacy rights. If you regularly collect, use and/or share consumer data, it is necessary that you obtain consumer express informed consent to do so and to otherwise abide by applicable laws, rules and regulations. In today’s regulatory climate, it is not sufficient to bury your consumer data practices in a long privacy policy without further disclosures and appropriate consent. It is important, therefore, to have your privacy policies and other data collection practices reviewed by competent counsel before the FTC or a state attorney general comes calling.
If you are interested in learning more about this topic, please visit the Privacy and Data Security practice area of our website. If you are being investigated or have been served with process concerning your consumer privacy practices, please e-mail us at info@kleinmoynihan.com or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising
Related Blog Posts:
FTC and State of New Jersey Settle Consumer Privacy Claims with VIZIO
California Court Finds That Violations of Privacy Law Constitute “Concrete Injury”
July’s New COPPA Requirements and Their Effect on Mobile Apps
