The FTC has announced enforcement actions against two app developers that allegedly violated the Children’s Online Privacy Protection Act (COPPA) by using persistent identifiers to serve advertising to children. The developers—LAI Systems, LLC (LAI) and Retro Dreamer (Retro)—will pay a combined $360,000 in civil penalties.

COPPA prohibits operators of websites and online services directed to children from collecting personal information without posting a privacy policy, providing notice of the information collection, and obtaining verifiable parental consent, under most circumstances. This includes a prohibition on collecting a “persistent identifier that can be used to recognize a user over time and across different Web sites or online services,” such as an Internet Protocol (IP) address or unique device identifier.

In its first enforcement action involving this new language, the FTC claims that both Retro and LAI create apps directed to children. The FTC alleged that both companies allowed third-party advertising networks to collect personal information in the form of persistent identifiers, in order to serve targeted advertising on the apps based on users’ activity over time and across sites. The FTC also alleged that the companies did not inform these third-party advertising networks that the apps were directed to children and did not instruct or contractually require the advertising networks to refrain from targeted advertising. The FTC further alleged that the companies did not provide the required notices or obtain the required parental consent under COPPA.

The settlement agreements prohibit the companies from further violations of COPPA. LAI and Retro are required to pay civil penalties of $60,000 and $300,000, respectively. Retro’s significantly higher fine may be attributed to the fact that the FTC alleged that the company was on notice of its COPPA violations.

These agreements emphasize that publishers of mobile applications designed for children must be vigilant regarding the collection and use of data by all parties and services, as the FTC will hold such businesses accountable for all activity involving the application.

Ballard Spahr's Privacy and Data Security Group regularly advise clients on developing privacy policies and consent mechanisms that comply with COPPA, as well as other federal and state laws. For more information, contact Edward J. McAndrew, Privacy and Data Security Group Practice Leaders Philip N. Yannella or Daniel JT McKenna, or the Ballard Spahr attorney with whom you work.

Copyright © 2015 by Ballard Spahr LLP.
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.