In This Issue:

Does a Virtual Pet Site Violate COPPA?

In a complaint filed with the Federal Trade Commission, the Center for Digital Democracy (CDD) maintains that Mobbles, a virtual pet app, violated the Children’s Online Privacy Protection Act by gathering data from children without obtaining prior parental consent.  Designed for children ages 4 and older, the app allows users to collect, trade, and play with their virtual pets.  But it also collects a “host of personal data” from children, including e-mail addresses and location data, the group claims.

Mobbles was released in May for Apple and Android devices and has ranked among the top 100 grossing entertainment apps in Apple’s App Store in 24 different countries and in the top 10 in 10 different countries, the CDD noted.

One feature of an app to “collect new pets” pinpoints a child’s precise location on a satellite map that includes a street name and a range of house numbers.  Children can also earn virtual currency and in-game coupons by disclosing their e-mail addresses to subscribe to a Mobbles newsletter.

Although parental consent is not required when children create a user name to trade their pets or when they provide their e-mail address to receive the Mobbles newsletter, CDD notes that “Mobbles makes no attempt to provide direct notice to parents and offers no opportunity for parents to opt out of further use of their children’s information.”

“Thus, CDD urges that the FTC promptly initiate an investigation of Mobbles, bring an enforcement action to stop Mobbles from any further collection of children’s personal information, and to seek all other appropriate remedies.”

Alex Curtelin, Mobbles’s co-founder, told Online Media Daily that Mobbles does not sell data to third parties and retains as little information as possible.  However, citing a need “to post a clearer privacy policy and review privacy practices,” the company took the game offline.

To read the CDD’s complaint, click here.

Why it matters:  The CDD argues that the complaint is representative of the need for updates to COPPA in the digital age, as Mobbles is just one of many children’s apps that takes “unfair advantage of children’s developmental vulnerabilities.” As Dr. Kathryn Montgomery, professor of communication at American University, said in the CDD’s press release, “This complaint provides a glimpse into a much larger, rapidly growing children’s mobile market, in which companies are unleashing all of the available techniques for targeting kids.”

Legislative Updates: Geolocation bill and VPPA Updates Advance, ECPA Update Stalls

As the year comes to an end, lawmakers are scrambling to make progress on legislation addressing geolocation privacy and updates to the Video Privacy Protection Act and the Electronic Consumer Protection Act.

Sen. Al Franken’s (D-Minn.) Location Privacy Protection Act, which would require mobile apps to receive user permission before collecting and sharing location data, was approved by the Senate Judiciary Committee in a voice vote.  The bill now moves on to the full Senate for consideration.

Sen. Franken, Chairman of the Senate Subcommittee on Privacy, Technology, and the Law, introduced his bill last June, but the Committee reviewed a revised version of the bill  that would permit a one-time user approval and not a requirement that permission be sought each time data is shared or collected.

“If you want to find the best pizza place where you’re driving, you’ve got to provide your location,” Sen. Franken told the Minnesota Post.  “If the pizza app wants your location, of course you’re going to give the pizza app your location; otherwise they can’t do what they do.  But if someone else wants your location and wants your location everywhere you want to go, you might not want to give them that. So what we’re trying to say is, it’s your choice to protect your own privacy.”

The law would also criminalize “stalker apps” – applications that share the location of a cellphone without its user’s knowledge – with exceptions for law enforcement or parents monitoring their children.

Although the bill passed the Committee, it did receive some pushback. Sen. Chuck Grassley (R-Iowa) expressed concern that the law could “do serious damage to the tech sector.”  Referencing a letter from the Interactive Advertising Bureau opposing Sen. Franken’s law, he said that informing consumers about who is receiving their information poses a practical and technological challenge.

“The mobile marketplace is a unique, yet highly complex technical ecosystem with multiple entities often behind a single service.  One application may have 10 or more different entities functioning behind the scenes to enable service, ad delivery, monetization, or analytics to help improve the user experience,” according to the IAB’s letter, which Sen. Grassley submitted to the Committee for the record.  “In a real-time automated delivery market, there is no technologically feasible or practical means for providing notice of each specific entity, as the entity changes in a moment’s notice.”

On December 20, 2012, the Senate unanimously passed H.R. 6671, which would update the Video Privacy Protection Act to facilitate the sharing of information regarding video rental habits on social media sites.  The updated law would allow the social networking and video rental sites to integrate so that users could share with friends the movies they have rented.

The Senate Committee also gave the nod to a bill containing updates to the 1986 Electronic Communications Privacy Act.  Changes to the ECPA would mandate that governmental authorities get a search warrant to obtain e-mails from suspects.  The current law, passed in 1986, predates the rise of e-mail and other forms of technological communication, making it easy for law enforcement officials to access data without a judge’s permission.  However, that update did not move forward in the House of Representatives on December 18, 2012.

Consent would expire after a two-year period or could be withdrawn at any time.

To read S. 1223, the Location Privacy Protection Act, click here.

To read H.R. 6671, the update to the VPPA, click here.

Why it matters: The movement of the bills through the Committee is viewed as progress for privacy advocates and may help speed their passage next session.

Dunkin’s “Best Coffee” Slogan Can’t Be Trademarked

In declining to approve a slogan trademark, the U.S. Patent and Trademark Office (USPTO) determined that the “Best Coffee in America” claim by Dunkin’ Donuts’ is merely “laudatory and descriptive.”

Dunkin’ Brands Group Inc. sought trademark protection for the phrase in the category of restaurant services, café services, snack bar services, and fast-food restaurant services.  The slogan had acquired distinctiveness, the chain argued, as it has been used in commerce for five years, beginning April 11, 2006.  The PTO disagreed and concluded that Dunkin’s “informational slogan is nothing more than a claim of superiority and is so highly laudatory and descriptive of the quality of the coffee featured in applicant’s restaurants, cafes and snack bars that applicant’s claim of acquired distinctiveness, based on five years’ use of the mark in commerce, is insufficient and unpersuasive.”  The examining attorney cited similar denials for claims like brew maker Sam Adams’s “The Best Beer in America” and Carvel’s attempt to register “America’s Freshest Ice Cream.”

He noted that, instead of indicating the source of Dunkin’s goods, the words simply tout the company’s goods as the best in America.  The mark “fits firmly in the category of marks identified…as being mere ‘puffery’ and incapable of functioning as a trademark.”  “‘Best Coffee in America’ touts simply that the coffee featured at applicant’s restaurants are superior to other coffees in this country.  While applicant may use this wording in promoting its restaurants and cafes and the coffee sold therein, the proposed mark does not function to indicate the source of applicant’s services or distinguish applicant’s services from those of others.”

To visit the USPTO’s decision, click here.

Why it matters:  Dunkin’ Donuts may continue to use the slogan, albeit without trademark protection.  A spokesperson told the Boston Globe that the company is “reviewing the filing and cannot speculate on future plans at this time.”  Dunkin’ Donuts has the right to contest the finding by the USPTO examining attorney, and if the decision is not reversed, has the option to appeal to the Trademark Trial and Appeal Board.  The finding was the company’s second trademark loss this year.  The USPTO earlier rejected registration for the phrase “Bagel Bunchkin” for the chain’s bite-size bagel pieces.

Takeoff: First California Suit Over Mobile Apps Hits Delta

Making good on her threat of legal action, California Attorney General Kamala Harris filed the first lawsuit against a mobile application for failing to have a privacy policy.

Harris, who has made privacy issues a focus of her term in office, targeted Delta Air Lines’ “Fly Delta” app.  When customers use the app to check in and make flight reservations, Delta collects information like a user’s name, phone number, gender, geolocation, passport number, debit or credit card information, and e-mail address.

But according to the complaint, Delta violates the 2004 California Online Privacy Protection Act, which requires companies to post their privacy policies if they collect personal information such as names, phone numbers, and e-mail addresses from state residents.

Harris began her enforcement campaign earlier this year, when she reached an agreement with the six largest online app providers – Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion.  The companies agreed that the Act applies to mobile apps.  Facebook signed onto the agreement in June.

In late October, Delta was one of roughly 100 companies that received a warning letter cautioning recipients they would be sued if they did not bring their apps into compliance within 30 days.

According to the complaint, the company has been distributing an app that has been downloaded by consumers “millions of times” without a privacy policy since at least 2010.  The suit contends that while Delta has an online privacy policy on its Web site, it does not reference the app nor is it reasonably accessible to app users.  It is therefore insufficient to satisfy the law’s requirements.

Delta “does not have a privacy policy in the application itself, in the platform stores from which the application may be downloaded, or on Delta’s website.  Users of the Fly Delta application do not know what personally identifiable information Delta collects about them, how Delta uses that information, or to whom that information is shared, disclosed, or sold.”

The suit seeks to enjoin the app from being downloaded until a privacy policy is added and requests fines of up to $2,500 per download.

To read the complaint in People v. Delta, click here.

Why it matters:  The warnings are over and all mobile apps should have a privacy policy or be prepared to face a civil complaint from AG Harris.  In a press release, Harris said the Delta complaint is the first suit filed to enforce the 2004 law.  “Losing your personal privacy should not be the cost of using mobile apps, but all too often it is,” Harris said in the statement.  “California law is clear that mobile apps collecting personal information need privacy policies, and that the users of those apps deserve to know what is being done with their personal information.”

Kids’ Apps Get a Failing Grade From the FTC

Ten months after the release of its first staff report on children’s mobile apps, the Federal Trade Commission returned to the subject and found “little progress” has been made “toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it.”

The February report, “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” offered a “warning call to the industry,” cautioning app stores, in-app advertisers, and app developers to do more to provide parents with easily accessible, basic information about the mobile apps used by their children.

According to a second report released in December, very few answered the call.

“While we think most companies have the best intentions when it comes to protecting kids’ privacy, we haven’t seen any progress when it comes to making sure parents have the information they need to make informed choices about apps for their kids,” FTC Chairman Jon Leibowitz said in a press release about the report.  “In fact, our study shows that kids’ apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents.”

“Mobile Apps for Kids:  Disclosures Still Not Making the Grade” reviewed 400 available children’s applications in the Apple and Google stores.  “Most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data,” the report concluded. Just 20 percent of the apps reviewed by the agency disclosed any information about the app’s privacy practices.

In addition, many of the apps surveyed by the FTC had interactive features – like advertising, the ability to make in-app purchases, or links to social media – which share data from the mobile device with ad networks or other third parties without disclosing the fact to parents.

More than half of the apps reviewed contained advertising (58 percent), but just 15 percent disclosed the presence of in-app advertising prior to download.  Sixty percent of the apps surveyed transmit data from a user’s device either back to the developer or to a third party, the agency found.

The report advised entities within the mobile app industry to design and employ the “best practices” found in the agency’s staff report on privacy to provide greater transparency about how data is collected, used, and shared in children’s apps, and to offer parents easy-to-understand choices about data collection and sharing in their kids’ apps.

To read the report, click here.

Why it matters:  Leibowitz said the agency plans to perform another survey in the future and “will expect to see improvement.”  “All of the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job,” he cautioned.  The agency also announced that it is launching non-public investigations to determine if mobile apps are violating the Federal Trade Commission Act or the recently updated Children’s Online Privacy Protection Act.

Topics:  Attorney Generals, COPPA, Delta Airlines, ECPA, FTC, Geolocation, Kamala Harris, Mobile Apps, Online Privacy Protection Act, Parental Consent, Personally Identifiable Information, Privacy Policy, Trademarks, USPTO, Video Privacy

Published In: Antitrust & Trade Regulation Updates, Communications & Media Updates, Intellectual Property Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »