The Children’s Online Privacy Protection Act (COPPA) has been on the books for years and is enforced by the Federal Trade Commission (FTC). COPPA basically prohibits companies from collecting personal information from children under the age of 13 without parental consent. The FTC has an impressive record of enforcement actions under COPPA and compliance with COPPA is an important part of a company’s compliance program, as applicable.

Many companies are unaware that there are also state laws applicable to the collection of children’s personal information, so consideration of compliance with those laws is important as well.

This week, Washington’s Attorney General Bob Ferguson (AG) announced that his office has settled an enforcement action against tech companies Super Basic LLC and its parent Maple Media LLC, which developed the “We Heart It” app, for $100,000 to end allegations that the companies unlawfully collected children’s data without parental consent.

In addition to the monetary penalty, the companies have agreed to pay $400,000 if they fail to comply with COPPA and the consent decree entered into between the parties.

The decree requires that companies use an “age gate” to prevent children under 13 from opening accounts; obtain parental consent before collecting data from children under 13; give notice directly to adults of children’s online data practices;audit user accounts to track whether accounts are being opened by children; and delete any accounts that belong to children under the age of 13.

The consent decree is similar to those handed out by the FTC,  and also serves as a reminder that both the FTC and State AGs are focused on the protection of the collection of children’s personal information and are stepping up enforcement in this area.

It also reminds parents to continue to monitor their children’s online behavior. These state and federal children’s privacy laws are for the protection of children, which is, and should be, a public-private partnership between agencies and parents.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.