HyperBeard, Inc., a developer of popular children’s applications, has agreed to settle with the Federal Trade Commission over allegations of its failure to comply with the Children’s Online Privacy Protection Act Rule (“COPPA Rule”). HyperBeard agreed to pay $150,000 in fines and to delete the information allegedly obtained from children under 13 years old without proper parental consent.

The COPPA Rule was enacted by Congress to provide parents with more control over the types of information collected from their children online. The COPPA Rule applies to operators of websites and other online services, such as mobile apps. Operators directing such activities to children under age 13 or with actual knowledge that their activities are processing children’s information under age 13 are required to comply with the COPPA Rule. Operators that fall within the scope of the COPPA Rule must meet specific requirements, such as they must:

  • post a clear and comprehensive online privacy policy describing information practices for personal information collected online from children;
  • provide direct notice to parents and obtain verifiable parental consent before collecting personal information online from children;
  • give parents the choice of consenting to the operator’s collection and internal use of children’s information, while prohibiting the operator from disclosing that information to other parties; and
  • offer parental access to the personal information of their children to review and/or have the data deleted.

In its complaint against HyperBeard, the FTC contended that HyperBeard violated the COPPA Rule by failing to: provide appropriate notice to parents of the information it was collecting online from children, disclose its privacy practices, and show how the information it was collecting from children was used; and obtain proper parental consent before collecting the personal information of children.

As a result of the settlement, HyperBeard is prohibited from failing to make reasonable efforts to ensure “a [p]arent of a [c]hild receives direct notice of [HyperBeard’s] practices” regarding the processing of personal information collected directly from children. The settlement also prohibits HyperBeard from failing to obtain parental consent before processing personal information from children that falls within the scope of the COPPA Rule. Additionally, HyperBeard agreed to destroy the personal information that it received in violation of the COPPA Rule to ensure it refrains from further “disclosing, using, or benefitting” from its illegal collection.

Due to the alleged violations, the FTC penalized HyperBeard a total of “$4 million.” However, the total penalty was suspended upon payment of $150,000 due to HyperBeard’s inability to submit the full penalty amount.

The FTC indicated last year it was accelerating its review of the COPPA Rule, recognizing changes in technology and the effects the changes may have on children interacting with online products and services. The allegations against HyperBeard are yet another illustration of the agency’s growing attention to children’s online activities.

To read the full settlement, click here.

Troutman Sanders will continue to monitor the FTC’s enforcement actions and other issues relating to privacy and data security.