Galvanized by a confluence of charged factors—like privacy, cybersecurity, children, and the Internet of Things (IoT)—and sparked by recent assertions of Children’s Online Privacy Protection Act (COPPA) regulatory power, the US Federal Trade Commission (FTC) entered into a pioneering settlement with electronic toy manufacturer VTech regarding a breach of children’s personal information. The FTC’s message to companies is crystal clear: when it comes to kids’ data, transparency and security are elemental.

Scarce Insulation from COPPA

The COPPA Rule explains what operators of websites and online services must do to protect children’s privacy and safety online, and the FTC serves as the enforcer. As we previously discussed, the FTC released updated guidance in response to concerns about the security of data collected and used by internet-connected products geared toward children. The FTC noted that COPPA defines “website or online service” broadly and specifically listed connected toys and IoT devices within the COPPA Rule’s purview. Although the FTC released a policy that permits collecting a recording of a child’s voice without parental consent in certain situations, such circumstances are narrowly limited to the sole and limited purpose of replacing written words—say, an instruction—and the recording must be immediately destroyed.

Upcoming Webinar

October 17, 2017

On October 25, A. Benjamin Klaber, a lawyer in our technology, outsourcing, and commercial transactions group, will be co-presenting a CLE-webinar, “Drafting Website and Mobile App Terms of Use, Privacy Policy, and IP Protections.” The webinar will offer guidance on drafting and enforcing terms of use, privacy policies, and IP protection language for websites and mobile apps to effectively mitigate business risk.

The webinar will take place from 1:00–2:30 pm EDT. 

Additional information regarding the webinar, registration, and CLE credits can be found here.