On May 19, 2020 the FTC announced that Miniclip S.A. settled with the FTC for falsely claiming that it was participating in a COPPA safe harbor program run by CARU (Children’s Advertising Review Unit of the Better Business Bureau’s National Programs).[1] Miniclip S.A. is a Swiss corporation controlled by Chinese conglomerate Tencent.
According to the FTC, from at least 2012 through June 2019, Miniclip’s website, stated “In recognition of our focus on the quality and safety of our content, we have been accepted to join the CARU Kids Privacy Safe Harbor Program and have been certified as COPPA compliant.”[2] However, in 2015 Miniclip was terminated from CARU’s Safe Harbor program, a move described by Commissioner Rohit Chopra as “exceedingly rare.”[3] Nevertheless, the FTC Complaint alleges that Miniclip continued to represent that it was participating in the program and “certified.”[4]
What is The COPPA Safe Harbor Program?
The Children’s Online Privacy Protection Act (COPPA)[5] and The COPPA Rule[6] set out a detailed legal regime when covered businesses collect or use personal data for children under 13. However, businesses can delegate determining how to best comply by participating in approved compliance programs set up by various groups, including CARU, Truste, and KidSAFE, among others.[7] Compliance with those approved programs protects businesses from being found liable under the COPPA.[8]
Noteworthy Details . . .
• This is not a settlement for COPPA violations. The FTC did not try to make that case that Miniclip was in direct violation of any COPPA requirements, nor allege that Miniclip misused the personal information of any children under the age of 13.[9] Rather, the FTC alleged Miniclip committed garden-variety misrepresentation in violation of Section 5 of the Federal Trade Commission Act by falsely stating that it was participating in a COPPA safe harbor program when it was not.[10]
• The settlement contains no monetary penalties.[11] Instead, the proposed FTC Order prohibits Miniclip from engaging in this type of misrepresentation in the future, whether it is making claims about participating in the CARU program, or any other privacy or security program.
• Safe Harbor programs may face stricter scrutiny in the future. Commissioner Chopra used this settlement as an opportunity to voice his concerns about the current operation of the COPPA Safe Harbor program generally, advocating for an end the FTC’s “lifetime” approvals of Safe Harbor providers.[12] Concerned that Safe Harbor programs only very rarely terminate members, and keep their investigations secret, Commissioner Chopra released a separate public statement arguing that the FTC should beef up its policing of Safe Harbor programs,[13] including:
(1) Regularly scheduled reviews and reevaluation of accreditation status,
(2) Public disclosure of the operations of COPPA Safe Harbor programs, including complaints handled and disciplinary actions taken,
(3) New conflict of interest limitations,
(4) Adding time-sensitive reporting requirements, and
(5) Terminating non-complaint Safe Harbor programs.
Why This Matters . . .
First, this is a good reminder that foreign-based companies are not exempt from compliance with Section 5 of the FTC Act. The Act specifically provides the FTC with authority to prosecute foreign companies for violations of Section 5 when their actions “cause or are likely to cause reasonably foreseeable injury within the United States; or involve material conduct occurring within the United States.”[14] Of course, there are some practical limits to this extra-territorial reach. However, if a foreign-based company regularly uses US business services to reach American consumers (for example, Apple’s App Store or the Google Play Store), its domestic business partners may not want to take the risk of doing ongoing business with a company facing FTC charges for deceptive conduct.
Second, keep your website and other forward-facing consumer statements updated. In today’s virtual marketplace, companies disseminate more consumer-facing statements than ever before. Businesses produce pages and subpages of information on their websites, Facebook pages, and LinkedIn accounts to boost customer confidence in their products and services. It is critical every advertising and information avenue is kept current – old information that doesn’t reflect your current offerings can lead to angry consumers, and FTC investigations.
Third, joining a Safe Harbor program is only the first part of an ongoing journey. COPPA compliance is not a static “set it and forget it” activity. Ongoing vigilance is needed to ensure that, if your business is collecting, using, sharing, or storing children’s personal data, it is following the latest COPPA requirements for parental consent, other parental rights, and the handling of this data once consent is provided.
[1] Federal Trade Commission, Swiss Digital Game Developer Settles FTC Allegations that it Falsely Claimed it was a Member of COPPA Safe Harbor Program (May 19, 2020), https://www.ftc.gov/news-events/press-releases/2020/05/swiss-digital-game-developer-settles-ftc-allegations-it-falsely. [2] In the Matter of Miniclip, S.A., a corporation, File No. 192 3129, Complaint, https://www.ftc.gov/system/files/documents/cases/192_3129_miniclip_complaint.pdf. See e.g., https://web.archive.org/web/20170213220407/https://corporate.miniclip.com/advertising/small-print. [3] F.T.C., Statement of Commissioner Rohit Chopra Regarding Miniclip and the COPPA Safe Harbors (May 19, 2020). [4] Complaint, supra note 2, ¶ 13. [5] 15 U.S.C. § 6501, et seq. [6] 16 CFR § 312, et seq. [7]See, https://www.ftc.gov/safe-harbor-program. [8] 15 U.S.C. § 6503(b)(2). [9] Complaint, supra note 2. [10] https://www.ftc.gov/system/files/documents/cases/192_3129_miniclip_complaint.pdf. See also, 15 U.S.C. § 45(a) [11] In the Matter of Miniclip, S.A., a corporation, File No. 192 3129, Decision and Order, https://www.ftc.gov/system/files/documents/cases/192_3129_miniclip_do.pdf. [12] Commissioner Rohit Chopra, Statement of Commissioner Rohit Chopra Regarding Miniclip and the COPPA Safe Harbors, Commission File No. 1923129 (May 18, 2020), https://www.ftc.gov/system/files/documents/public_statements/1575579/192_3129_miniclip_-_statement_of_cmr_chopra.pdf. [13] Id. at 2. [14] See, 15 U.S.C. § 45(a)(4).
Comments