According to her, the FTC has continued to focus on online privacy by targeting digital platforms that collect personal information. Most recently, the FTC focused its executive authority on OpenX Technologies, Inc. It is a platform for real-time bidding for targeted advertisements on websites and applications used in many industries, including the digital health industry. OpenX has settled with the FTC over allegations that OpenX violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children under 13 without parental consent.
“Americans should be able to visit websites and use mobile apps with confidence that their privacy — and that of their children — are protected. The Department of Justice and the Federal Trade Commission are committed to ensuring that the digital advertising industry complies with federal privacy law.” Acting Assistant Attorney General Brian M. Boynton, Department of Justice.
This settlement serves as a stern reminder to all companies that operate a website or online service that collects or maintains data on children under the age of thirteen. For digital health companies in particular, the settlement should serve as a reminder that using marketing vendors, such as OpenX, does not always guarantee compliance with federal privacy law. Furthermore, the settlement should stress the importance of digital health companies understanding the audience of their platform as the key to understanding whether the platform is targeting children. Here are four action items that digital health companies must do:
If children under the age of thirteen can use your digital health system(s) or service(s) on the Internet, you need to comply with the Children’s Online Privacy Protection Act (COPPA). Companies that operate “kid-oriented” websites or applications, or companies that have actual knowledge that they collect or retain personal information from a child under the age of 13, must comply with the Children’s Online Privacy Protection Act (COPPA). COPPA compliance is not limited to digital health companies that provide individual or primary childcare. If a digital health company, such as a telemedicine platform, allows consumers under the age of thirteen to access and use an online platform(s) or service(s), it must comply with the Children’s Online Privacy Protection Act (COPPA).
Even digital health companies that do not deal directly with children may still have obligations under the Children’s Online Privacy Protection Act (COPPA). A website or online service is also directed to children when it has “actual knowledge that it is collecting personal information directly from users of another website or online service directed to children.” Digital health platforms that allow third-party mobile application integration or data sharing may be subject to COPPA when the Company learns that such third-party applications are intended for children. These third-party apps are not limited to those that primarily target children, but also include those that “target children” One of their fans.
Review the information you collect from and about consumers, particularly in relation to children under the age of thirteen. Digital health companies should routinely review the data they collect, where and from whom the data is being collected, and who the data is being used for. Companies that do not collect any data directly from children under the age of thirteen should review their third-party integrations and data-sharing practices to ensure that the Company does not obtain children’s information from such third parties.
© 2022 Foley & Lardner LLPNational Law Review, Volume XII, No. 10