Recent FTC Settlement Highlights Agency’s Focus on Children’s Privacy & Use of Disgorgement Remedy Including in AI Context

As readers of CPW know, the Federal Commerce Fee (“FTC”) has made it clear that privateness and security will be top-of-mind issues for the Commission for the foreseeable future. Just lately, the FTC introduced its settlement with WW Worldwide, Inc.—previously often known as Weight Watchers (“Weight Watchers”)—over claims the corporate violated the Children’s On-line Privacy Safety Act (“COPPA”) by accumulating kids’s private data with out offering discover or acquiring parental consent.

The settlement requires the corporate to pay a $1.5 million penalty, delete private data that was improperly collected from kids, and destroy any fashions or algorithms developed with the use of that information. Importantly, the settlement illustrates the FTC’s elevated focus on kids’s privateness, in addition to the Fee’s elevated reliance on the disgorgement treatment in privateness and safety enforcement actions—together with in the AI context.

I.     Factual Background & FTC Allegations

By means of background, COPPA requires that web sites, apps, and on-line providers which can be child-oriented or knowingly accumulate private data from kids notify dad and mom and procure their consent earlier than accumulating, utilizing, or disclosing private data from kids beneath 13. It was handed in 1998 amid rising issues concerning kids’s privateness on-line. Not like different another federal regulatory regimes, each the FTC and state attorneys basic have concurrent jurisdiction to implement COPPA (which means as a sensible matter personal entities are topic to potential regulator scrutiny at each the state and federal degree for alleged COPPA violations).

Weight Watchers marketed a well being and wellness app and web site to each adults and kids that allowed customers to trace their meals consumption, exercise, and weight. The app additionally collected private data, together with names, e-mail addresses, and start dates. Up till late 2019, customers may join the app by indicating (1) they had been a father or mother registering their baby or (2) a baby over the age of 13 signing up for themselves.

The non-neutral age gate that was introduced by Weight Watchers at registration indicated to youthful customers that they may enroll and not using a father or mother by falsely claiming they had been a minimum of 13. Not solely that, a whole lot of customers who signed up for the app did, in reality, circumvent the age gate by creating an account and later revising their profiles to replicate their true age. Regardless of this, these customers had been nonetheless permitted to entry the app with out parental involvement. Additional, whereas the corporate carried out a brand new age gate in late 2019 that eliminated any reference to being “at least 13” and indicated that people beneath the age of 13 wanted parental permission to make use of the app, Weight Watchers’ screening mechanism nonetheless failed to make sure that customers who chosen the father or mother signup possibility had been actually dad and mom—and never kids making an attempt to bypass the age restriction.

In line with the FTC, Weight Watchers violated COPPA because of this of its failure to offer a mechanism to forestall kids from utilizing the father or mother registration choice to bypass the age restriction, in addition to COPPA’s discover and information retention provisions.

II.     The Settlement Phrases and Key Takeaways

The Weight Watchers settlement is comprised of three main elements, all of which carry important implications for potential FTC enforcement actions going ahead.

  • First, the corporate should pay a $1.5 million penalty.

  • Second, the corporate should destroy all private data that was collected in a way that didn’t adjust to COPPA.

  • Lastly, the corporate should destroy all fashions or algorithms developed in complete or in half utilizing improperly collected private data 

     A.     FTC’s Continued Focus on Children’s Privacy 

There are three main takeaways from the Weight Watchers settlement. The primary pertains to the FTC’s elevated exercise in the kids’s privateness house. The Weight Watchers settlement comes on the heels of a number of different FTC enforcement actions in opposition to firms who ran afoul of COPPA. In December 2021, promoting platform OpenX Applied sciences agreed to pay a $2 million penalty to resolve related FTC allegations that it collected kids’s private data with out parental consent. And in July of final yr, on-line coloring e-book app Kuuhuub agreed to a $3 million penalty to settle COPPA allegations as properly.

Relatedly, throughout his State of the Union address President Joe Biden urged Congress to strengthen children’s privacy protections and clamp down on firms that improperly accumulate kids’s private data.

Taken collectively, firms that market their on-line services or products to kids—or in any other case accumulate kids’s private data—are well-advised to overview their compliance with COPPA’s necessities to mitigate the heightened authorized threat posed by the FTC’s elevated emphasis on kids’s privateness.

     B.     Utilization of Disgorgement Remedy

The second main takeaway pertains to the requirement that Weight Watchers destroy any fashions or algorithms developed by the use of private data that was improperly collected from minors in violation of COPPA.

Importantly, the Weight Watchers matter marks the primary time that the FTC has utilized this enforcement instrument—often known as disgorgement—in a COPPA case. That is half of a bigger shift by the FTC to prioritize “meaningful disgorgement” as a treatment in privateness and safety and enforcement actions. Disgorgement was first used by the FTC in its first enforcement action specifically targeting improper facial recognition practices with photo developer Everalbum, Inc. As part of the settlement, Everalbum was forced to delete not only all photos and other user data that had been improperly collected and/or retained, but also all facial recognition algorithms that were developed with Everalbum’s ill-gotten data.

Shortly after the Everalbum settlement—throughout remarks on the 2021 Future of Privacy Discussion board—the FTC’s then-Appearing Chairwoman, Rebecca Kelly Slaughter, famous that the place firms unlawfully accumulate and/or use shoppers’ private data, the FTC would search disgorgement of each the improperly collected information, in addition to any advantages from that information—pointing to Everalbum for instance of how the FTC may leverage disgorgement in privateness and safety issues.

     C.     Algorithmic Disgorgement As New Regular In Close to Future?

Third, the Weight Watchers settlement not solely represents a continuation of the disgorgement treatment development in FTC enforcement actions, but additionally signifies that algorithmic disgorgement could quickly develop into a regular element in future FTC settlements. This may increasingly have a very outsized impression on builders of synthetic intelligence and associated applied sciences which rely closely on the event of superior algorithms.

This settlement is yet one more instance of the FTC’s focus on the impression AI can have in relation to shopper privateness and associated points.  In December the FTC issued a notice (“Notice”) that it was “considering initiating a rulemaking under Section 18 of the FTC Act to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”

There are a number of privateness, cybersecurity and AI points that the FTC could search to control as previewed by its Discover, should internal disagreement at the agency not stall this effort in 2022.  As an illustration, as seen in an April 2021 launch the FTC has more and more cautioned that AI could also be utilized and “inadvertently introduce[e] bias or other unfair outcomes” to medication, finance, enterprise operations, media, and different sectors.  As well as, the FTC declared algorithmic and biometric bias as a focus of enforcement in resolutions passed in Fall 2021.

Source link