On Monday, May 16, 2016, the Supreme Court of the United States issued its highly anticipated opinion in Spokeo, Inc. v. Robins, a case that examined the question of whether a plaintiff who ...25 May 2016
FTC Announces First Flash Cookie Enforcement and Settlement with Child Social Network
This blog entry was contributed by Steven Spagnolo, an associate in the Privacy and Information Management group in Hogan Lovells' Washington, DC office
The Federal Trade Commission (FTC) yesterday announced settlements with two online companies for deceptively collecting personal information from consumers. In the first enforcement action against the use of Flash cookies, the FTC alleged that ScanScout, an online behavioral advertiser that was recently acquired by Tremor Video, circumvented user choice by collecting information through Flash cookies even while telling consumers they could opt out of this collection through other means. In the case of Skid-e-Kids, a social networking website that targets children, the FTC alleged violations of both the FTC Act and Children’s Online Privacy Protection Act (“COPPA”) for the collection of personal information from children without parental consent.
Under the consent decree (PDF), the FTC barred ScanScout from misrepresenting its online information practices, including how consumers’ data is collected, used, shared, and disclosed, and required ScanScout to implement measures aimed at providing consumers with more effective notice of how their data is used and simplified methods by which consumers may opt out of such use.
As a corollary, the FTC yesterday released a consumer education article, entitled “Cookies: Leaving a Trail on the Web (PDF),” which explains how cookies can monitor online activity and how users can control this monitoring, including a section on controlling Flash cookies.
Skid-e-Kids, the self-proclaimed “Facebook and Myspace for kids,” agreed to settle FTC charges that it violated the COPPA Rule and made deceptive claims in violation of Section 5 of the FTC Act.
The COPPA Rule requires that any collection, use, or disclosure of personally identifiable information of a child under 13 be preceded by verifiable parental consent. The FTC’s complaint (PDF) alleges that Skid-e-Kids collected personally identifiable information from approximately 5,600 underage users without first obtaining parental consent, a violation of the COPPA Rule. This enforcement action comes on the heels of the FTC’s recent proposal to amend the COPPA Rule aimed at keeping pace with developments in the online world, including the advent of social networks and the development of smartphone and geolocation technology.
The French Data Protection Authority (CNIL) has announced its inspections program topics for 2016, with health data, flight passengers’ data, and data used for marketing and Internet...20 May 2016