COPPA turns 20: How it has impacted data privacy law for children

The pioneering law protecting children’s activity online, COPPA, is 20 years old this week.

 The occasion is being marked by events taking place on Capitol Hill this week and at Georgetown University next week, where the original author of the landmark legislation, Sen. Ed Markey (District of Massachusetts), and industry participants are discussing the law’s impact and where to take it next.

Continue reading

Five lessons from the report showing thousands of Google Play kids’ apps are in breach of COPPA

An academic study published this week reveals that thousands of kids’ apps are collecting and transmitting personal information to third parties, in possible breach of COPPA (and soon, GDPR-K).

 The research from academics at the University of California at Berkeley is the most comprehensive ever done to assess the data collection and sharing practices of the most popular kids’ games and apps, and the results were covered in The Guardian and elsewhere.

It demonstrates how hard it is to comply with COPPA using existing ad technology built for the adult market, vs kidtech that is based on zero-data collection.  And it usefully highlights the lack of common frameworks and standards between the regulators, the app stores and developers.

Continue reading

The GDPR-K Toolkit for Kids Publishers Part Three: Revise your privacy notices

Europe’s new data privacy law, the General Data Protection Regulation (GDPR), will be enforced from May 2018.  This law obliges all companies with consumers based in the EU to enable new data privacy protection. For websites and apps whose audience is primarily kids, additional requirements apply, commonly known as GDPR-Kids (GDPR-K).

In this series we outline the steps you ought to take immediately to prepare for GDPR-K. Part One dealt with auditing your technology partners. Part Two dealt with defining and articulating your compliance strategy. Part Three covers how best to revise your privacy notices.

Once you have regained control over the data collection that happens on your site or app (Part One), and have determined ‘who you are’ under GDPR-K (Part Two), it’s time to rewrite your terms of service and privacy policies.

Continue reading

The GDPR-K Toolkit for Kids Publishers Part Two: Defining your audience

Europe’s new data privacy law, the General Data Protection Regulation (GDPR), will be enforced from May 2018.  This law obliges all companies with consumers based in the EU to enable new data privacy protection. For websites and apps whose audience is primarily kids, additional requirements apply, commonly known as GDPR-Kids (GDPR-K).

In this series we outline the steps you ought to take immediately to prepare for GDPR-K. Part One dealt with auditing your technology partners. Part Two deals with defining and articulating your compliance strategy.

Continue reading

The GDPR-K Toolkit for Kids Publishers Part One: Audit your technology partners

Europe’s new data privacy law, the General Data Protection Regulation (GDPR), will be enforced from May 2018.  This law obliges all companies with consumers based in the EU to enable new data privacy protection. For websites and apps whose audience is primarily kids, additional requirements apply, commonly known as GDPR-Kids (GDPR-K).

Continue reading