Claims:
(1) LAI distributed mobile apps to consumers, including apps that were targeted at children under age 13.
(2) LAI generated revenue by permitting third-party advertisers to collect personal data from the apps’ users. Specifically, LAI permitted advertisers to collect users’ persistent identifiers, which under COPPA were data points that could “be used to recognize a user over time and across different Web sites or online services,” including cookies, internet protocol (IP) addresses, and device identifiers.
(3) LAI did not disclose to the advertisers that LAI’s apps were targeted at children.
(4) Further, LAI did not provide adequate notice of the data collection to its child users or their parents, and it did not receive the parents’ consent for such collection. The FTC claimed that this alleged conduct violated COPPA.
Rules:
Under the Children’s Online Privacy Protection Act of 1998, persistent identifiers such as cookies, internet protocol addresses, and device identifiers fall under the definition of personally identifiable information.