- with readers working within the Media & Information and Securities & Investment industries
- within Energy and Natural Resources topic(s)
Companies can take many lessons from the FTC's recent COPPA settlement with a robot app from the toy manufacturer Apitor Technologies. According to the FTC complaint, the app allegedly allowed a Chinese entity to collect and share children's geolocation information without parental consent – violating COPPA. In particular, children could use the app to program their robots, but to do so, they needed to enable location permissions. Once enabled, a third party SDK (JPush), developed by Chinese-based entity Jiguang, would send the child's location to that entity's Chinese-based servers.
The FTC's concerns stemmed from COPPA's requirements to, among other things, get parental consent before collecting children's personal information, and outlining (in a company's privacy policy) how children's personal information would be used. The FTC based its claims on the fact that geolocation information is personal information, and as such triggers' COPPA's consent and notice obligations. Beyond the COPPA violations, it appears that the FTC's concerns were potentially premised on two issues: that information was being sent to an entity in China, and the sensitive nature of children's geolocation information.
To settle this matter, Apitor agreed, among other things, to delete the geolocation information, modify its privacy policy, and get parental consent moving forward. In addition, the company agreed to delete children's information either if a parent asks, or when it is no longer needed. While the FTC imposed a $500,000 civil penalty, it was suspended for an inability to pay.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.