Where in the world? Warning letters address geolocation and COPPA coverage

Remember that public service announcement: “It’s 8:00. Do you know where your children are?” Technology has given parents tools for answering that question. But under the Children’s Online Privacy Protection Rule, online services touted as ways to keep kids connected need to comply with key parental notice and consent provisions of COPPA – especially when they’re collecting children’s geolocation. That’s the message of two warning letters just sent by FTC staff. But the letters send another important message about the reach of COPPA.

Gator Group Co., Ltd., is a company based in China that advertises a device and an app called the Kids GPS Gator Watch, marketed as a “child’s first cell phone.” Among other things, it gives a user the capability to track the child wearing the watch, enable remote voice monitoring, and set an alarm if he or she leaves a geo-fenced safe zone.

Stockholm, Sweden-based Tinitell, Inc., markets a mobile phone and app “designed for kids, with calling and smart location features.” Also worn like a watch, the product lets users locate the child, call the child, add contacts, etc.

Even if parents choose to use products designed to provide their kids’ geolocation, it’s important that they have a clear picture upfront of how companies will use that information. And it’s just as important for companies to get parents’ verifiable express consent in advance and to provide the other protections guaranteed by COPPA – for example, to maintain reasonable procedures to secure kids’ personal information.

But according to the letters from FTC staff, both Gator Group and Tinitell appeared to collect children’s precise geolocation, but may not have provided direct notice to parents of their information collection practices. What’s more, it doesn’t look like the companies comply with the COPPA requirement that they get verifiable parental consent before collecting, using or disclosing children’s personal information.

If your clients have websites or online services outside the U.S., take particular note of two sentences in the letters:

The COPPA Rule applies to foreign-based websites and online services that are involved in commerce in the United States. This would include, among others, foreign-based sites or services that are directed to children in the United States, or that knowingly collect personal information from children in the United States.

Also cc:ed on the letters are the Apple iTunes and the Google Play Store, which make the apps available to consumers in their stores.

The FTC has resources to help companies streamline their COPPA obligations. If you work with businesses covered by COPPA, is it time for a compliance check?