In a recent consent order, the New Jersey Division of Consumer Affairs settled an investigation involving Dokogeo, Inc., a California based mobile application developer.

Under the Children’s Online Privacy Protection Act (“COPPA”) websites and online services which collect information from children younger than 13 are subject to certain parental notice and consent requirements.

In the Dokogeo investigation, the state alleged that COPPA and the Federal Trade Commission’s COPPA Rule were violated when the personal information of children was collected during the children’s use of a geolocation scavenger hunt application that uses animated cartoon characters.  Specifically, the state alleged that by utilizing animation and a child-themed storyline, the app is directed at children and adults which would subject the website to COPPA.  Additionally, the state asserted the app collects personal information as defined under COPPA, including photographs, geolocation information and e-mail addresses.  Further, and perhaps most importantly, the state alleged that the app’s privacy policy (which would detail the company’s data collection practices) did not obtain verifiable parental consent prior to the collection of personal information from children and no link to the privacy policy was provided on the home page.

In the consent order, the company denies that the app is directed at children, however, the order requires the company to clearly and conspicuously disclose in its apps and on the home page of its websites the types of personal information it collects, the manner in which it uses the information and whether it shares information with third parties.  Additionally, the order requires the company to verify that anyone using any of its apps that collect personal information is older than 13.  The order further specifies that if the company fails to comply with the restraints and conditions of the settlement agreement, or violates consumer fraud or child online privacy laws, at any point in the next 10 years it will be responsible for a $25,000 “suspended penalty.”

This matter, and numerous others throughout the country, highlight the need for companies to review their data collection practices and privacy policies to ensure COPPA compliance.