What is COPPA and Why is Weight Watchers Paying $1.5 Million for Violating Online Privacy Protections for Children featured image

What is COPPA and Why is Weight Watchers Paying $1.5 Million for Violating Online Privacy Protections for Children

by John DiGiacomo

Partner

Internet Law

The company formerly called Weight Watchers — now known as WW International — was caught violating federal online data privacy protections for children. See NYT media report here. The federal act in question is the Children’s Online Privacy Protection Act (“COPPA”) which, among other requirements, prohibits collecting data concerning children without explicit consent from parents. COPPA applies to websites and also to phone and device apps.

COPPA was passed by Congress in 1998 to protect the online privacy for children — particularly under the age of 13. Like many data privacy statutes, various disclosures are required, opt-outs are allowed and consent for the collection of data must be obtained from at least one parent. Among the notice requirements are:

  • Prominent posting of the website’s or app’s privacy policies
  • Posting of notice to parents of what data will be collected, how it will be used and with whom it will be shared

COPPA also requires the following:

  • The obtaining of verifiable consent from at least one parent before collection of personal data from or about children
  • Offering an “opt-out” for parents allowing them to prohibit disclosure
  • Allowing parental access to their child’s personal data to review
  • Allowing parents the ability to have data deleted
  • Requiring that all data be securely maintained
  • Retaining personal data on children for only so long as is necessary and deleting said data thereafter
  • Ensuring complete destruction and deletion of data

The Federal Trade Commission (“FTC”) is tasked with enforcing COPPA. COPPA applies to any websites or services that are specifically marketed to children and to websites or apps where the owners have knowledge that they are collecting, using, or disclosing personal information from children under 13.

Weight Watchers (“WW”) created a phone app called Kurbo which was geared and marketed to children. As described, the Kurbo app was marketed as a way to help kids lose weight. To use Kurbo, children were asked to input various data like their height, weight, age and weight-loss goals. Children were then asked to input what they ate and how/when they exercised. As described here in the Federal Trade Commission’s press release, Kurbo also collected personal information such as names, email addresses and birth dates.

Based on complaints filed by pediatricians, nutritionists and children advocates, the US Department of Justice and the Federal Trade Commission (“FTC”) opened an investigation against WW and its Kurbo app. The investigation uncovered facts showing that data was being collected on children as young as 8 years old.

As noted, COPPA imposes an affirmative duty on websites and apps geared towards children to obtain parental consent. That affirmative duty means that the registration process CANNOT be lax and designed to allow children to avoid obtaining parental consent. This is particularly what the Department of Justice and the FTC found. As described in the media report and the press release, until late 2019, children could register for Kurbo by clicking that they were a parent or a child over the age of 13 signing up for themselves. There was no sort of verification required. In addition, there was no verification required for the birth date of the child being registered. The DOJ and FTC investigation found hundreds of examples where children registered “as” a parent or “as” an over-13 year old. When users later corrected their birth dates showing them to be under the age of 13, they were allowed to continue using Kurbo.

According to the FTC, the method of registration was a clear violation of COPPA. This was deemed a clear effort to bypass the parental notice and consent requirements by letting children register without involving a parent. The FTC also found that WW violated COPPA by not providing the notice and disclosure documentation required by COPPA even when a parent was legitimately registering a child. Finally, the FTC found that WW violated COPPA’s data retention provisions. As noted, COPPA requires deletion of information when the information is no longer needed. However, WW retained children’s personal information indefinitely and only deleted the data when requested.

As a result of these COPPA violations, WW International and Kurbo agreed to settle the enforcement action by agreeing to delete personal information illegally collected from children under 13, destroy any algorithms derived from the data and pay a $1.5 million penalty. If you have legal questions about consumer privacy, data security or other legal issues related to internet law, contact the trusted internet lawyers at Revision Legal at 231-714-0100.

Extra, Extra!
Recent Posts

2025 Changes to Trademark Fees

2025 Changes to Trademark Fees

Trademark

There are some significant changes coming to the United States Patent and Trademark Office (USPTO) that will affect trademark filings beginning January 18, 2025. These changes include the introduction of the Trademark Center, new fees, and revised application requirements. Here is an overview of the key changes: The USPTO will retire the TEAS system, which […]

Read more about 2025 Changes to Trademark Fees

Automated Decision-Making Technology: California Releases Proposed Regulations

Automated Decision-Making Technology: California Releases Proposed Regulations

Internet Law

In today’s competitive e-commerce landscape, automated decision-making technology is becoming more and more important. From personalized product recommendations to targeted advertising and streamlined logistics, these systems help ecommerce businesses adapt and grow. But new regulations are on the horizon, and these changes could reshape the way e-commerce businesses use automation. The California Privacy Protection Agency […]

Read more about Automated Decision-Making Technology: California Releases Proposed Regulations

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Put Revision Legal on your side