What is “personal information”

Silicon Valley Apps for Kids Meetup
Laura D. Berger
October 22, 2012
The views expressed herein are those of the speaker, and do not
represent the views of the Commission or any individual Commissioner.



• The FTC Act (Section 5) prohibits unfair or deceptive acts and practices in or affecting commerce.
• The FTC also enforces 45 other statutes and more than 30 trade regulation rules.
• Privacy-related standards the FTC enforces include the Children’s Online Privacy Protection Act (“COPPA”), as well as other laws, such as the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act.


Deception: a material representation or omission that is likely to mislead consumers acting reasonably under the circumstances.
Unfairness: practices that cause or are likely to cause substantial injury to consumers that are not outweighed by countervailing benefits to consumers or competition and are not reasonably avoidable by consumers.

Note: Section 5 and COPPA violations often are alleged in tandem – e.g., if you say you don’t collect information from kids under 13, but you do.

• Tell the truth about what your app can do.
• Disclose key information clearly and conspicuously.
• Build privacy considerations in from the start.
• Be transparent about your data practices.
• Offer easy-to-find and easy-to-use choices.
• Honor your privacy promises.
• Protect kids’ privacy.
• Collect sensitive information only with consent.
• Keep user data secure.


COPPA is the only child-specific federal privacy law in the United States.
Among other things, operators of commercial websites and online services must provide NOTICE and obtain parents’ CONSENT before collecting personal information from children under age 13.


• Permit parents to make informed choices about when and how children’s personal information is collected, used, and disclosed online; and
• Enable parents to monitor their children’s interactions and help protect them from the risks of inappropriate online disclosures.



• Operators of commercial websites and online services directed to children that collect, maintain, or provide the opportunity to disclose personally identifying information or “PII.”
• Operators of general audience sites and services (including teen/tween sites) who have actual knowledge that they collect kids’ PII.
• Entities on whose behalf operators collect the information.

The FTC considers several factors, including:
• Subject matter, content, age of models, language, graphics, activities, or incentives;
• Whether advertising promoting or appearing on the site or service is directed to children;
• Evidence about intended audience;
• Empirical evidence about audience composition.
• 2011 Proposed Additions: Music & celebrities appealing to children.


Must have actual knowledge that they collect personal information from children.
“Actual knowledge” can come from asking a child’s age, grade, birthday, or other age identifiers. It may also come from notification from a concerned parent or other individual.

• Post a privacy policy and links to the policy wherever personal information is collected.
• Give parents direct notice of its information practices.
• With certain exceptions, obtain verifiable parental consent before collecting information.
And . . .




• Provide parents access and opportunity to delete a child’s personal information and opt out of future collection.
• Limit collection of personal information.
• Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information.
• 2011 Proposal: Strengthen security provision; add data retention/deletion requirements.

There are 5 approved safe harbors:
• Aristotle, Inc. www.aristotle.com/integrity
• CARU www.caru.org
• ESRB www.esrb.org
• Privo, Inc. www.privo.com
• TRUSTe www.truste.com

An operator participating in and complying with an FTC-approved safe harbor will be deemed to be in compliance with the Rule.


The FTC actively enforces COPPA.
The agency has filed 20 federal court actions and has obtained over $7.6 million in civil penalties.





The FTC is authorized to seek up to $16,000/violation in penalties, and may also seek:
• Deletion of personal information collected without parental consent;
• Employee education and written acknowledgement;
• Written compliance report to FTC; and
• Consumer education.

• Full name
• Physical address
• E-mail address
• Social Security Number
• Telephone number
• A screen name revealing e-mail
• A persistent identifier combined with personal information or “PI”
• Any information tied to PI

2011 Proposal:
• Persistent identifiers not used for “support for internal operations”
• Geolocation
• Screen names not used for “support for internal operations”
• Photos, videos



• Add new methods: electronic scans, videoconferencing, or use of government-issued ID that is immediately deleted.
• Eliminate Email Plus.
• 2 new approval procedures:
  • Commission approval
  • Safe Harbor approval




• Reviewed 200 kids’ apps on Android and 200 on Apple.
• Looked for disclosures available in app stores or by developers.
• Very little information disclosed prior to download.
• Recommendation: app stores, developers, and other ecosystem participants need to improve disclosures regarding data practices.