Dominique Shelton, an experienced litigator and counselor, partner in the Litigation group and Claire Lucy Readhead, Associate, co-wrote the Law360 article “No Cookie for You: How COPPA Will Affect Your Company.”
Consumers generate “Big Data” through e-mail, Facebook, Twitter, LinkedIn, YouTube and many other sources. Companies buy and sell Big Data and personal data for the purpose of behavioral advertising and targeted marketing. Although an incredibly powerful tool, the collection and use of Big Data has raised significant privacy concerns from the class action bar, as well as regulators like the Federal Trade Commission and the California attorney general. These concerns are most acute in the context of collecting personal information from children.
In response to evolving technology and growing consumer concern, the Federal Trade Commission (FTC) revamped its Children’s Online Privacy Protection Act (COPPA) rules. Namely, the amended rule expands the definition of “personal information” to include (1) persistent identifiers (even when they are not combined with additional identifying information like a name or address); (2) photos, videos, or audio recordings of children; and (3) screen or user name; and (4) geolocation. Geolocation was in the original rule, but the FTC enumerated it as a specific category in the amended rule for emphasis.
It is difficult to predict how the FTC and courts will enforce the amended COPPA rule. However, given the fact that portions of the amended rule are merely “clarifications,” watching current COPPA litigation unfold will give companies guidance on the enforcement and implementation of COPPA. Major class actions to be aware of are the Viacom and Path litigation.
In December 2012, plaintiffs brought multiple class actions against Viacom for allegedly tracking children’s internet communications and video viewing habits without parental consent. Similarly, in class actions against Path Inc., the plaintiffs allege the company impermissibly monitored children’s online social network interactions by using geotagging with digital contact to implement tracking cookies. These class actions are still in litigation, but companies should monitor their outcomes for guidance on COPPA implementation.
With the rapidly increasing number of children who use mobile apps, companies must understand the FTC’s expansion of COPPA’s definition of personal information.
Read Shelton’s and Readhead’s article “No Cookie for You: How COPPA Will Affect Your Company” for complete analysis discussing “Big Data.”
Written by the Privacy & Data Security Team | Alston & Bird LLP