COPPA

October 2017

What Can Voice-Activated Device Makers Legally Do With Recordings Of Kids’ Voices?

FTC has issued guidance exempting recordings used solely as a replacement for written words (e.g., perform search or execute verbal instructions) – as long as:
• audio file is held for a brief time (i.e. only long enough to complete that purpose and then immediately delete)
• use of audio file is strictly limited to that search/execution purpose

Under the exemption, a company must still provide clear notice in privacy policy of:
• collection and use of audio files
• audio file deletion policy

The exemption does not apply if a device asks or enables a child to provide personal information (e.g., name). In such cases, verifiable parental consent would be required before collecting an audio recording of the voice of a child under age 13.
https://www.ftc.gov/system/files/documents/public_statements/1266473/coppa_policy_statement_audiorecordings.pdf
jbho: Perhaps a bit helpful. However, if a device needs to store voiceprints for heuristics, does that mean it can’t be exempt? And if you want to distinguish between users, you probably can’t rely on the exemption.

 

October 2016

Texas AG Settles With Child Tracking App Maker

Texas v. Justa Labs
Justa Labs allegedly collected personal information in child directed apps – apps offering free children’s games – that generated revenue from advertisements and in-app purchases. Juxta Labs also collected personal information through its Jott App – a peer-to-per messaging App that did not rely on WiFi or carrier networks. Personal information collected included e-mail addresses, instant messaging identifiers, screen names, cookies, internet protocol addresses, and GPS coordinates.

Under the terms of the Assurance of Voluntary Compliance (AVC), Juxta Labs Must:

  • Develop and maintain an up-to-date and accurate privacy policy that is clear, conspicuous, and understandable
    • must not misrepresent its data collection practices
  • Obtain Verifiable Parental Consent before collecting personal information from children
  • Implement measures to prevent children from reaching any parent-directed sections of its Apps
    • e.g., an age-gaiting mechanisms that discourages children from falsifying their age
  • Delete any previously collected personal information of children (within 30 days)
    • for its Jott App, Juxta Labs may seek parental consent before deleting
  • Develop, implement, and maintain procedures to ensure its Jott App does not contain networks that are likely to predominantly include Children (e.g., Elementary School networks)
  • Pay $30,000 in civil penalties
    • $15,000 to reimbursement the AG’s office
    • $15,000 to the Supreme Court Judicial Fund

[District Court of Travis County; D-1-GN-16-004940]
jbho: make sure you know what information your apps (or web pages) are collecting – including cookies – on anything that could be considered child-directed – no matter how small a portion of the audience children would actually be.

The order includes in the definition of personal information: “A persistent identifier that can be used to recognize a user over time and across different Web sites or online services. Such persistent identifier includes, but is not limited to, a customer number held in a cookie, an Internet Protocol (IP) address, a processor or device serial number, or unique device identifier.” (emphasis added)

Leave a Reply