NJ Division of Consumer Affairs Announces $100,000 Settlement with App Developer Resolving Investigation Into Alleged Violations of Children’s Online Privacy Law
NEWARK – Attorney General Gurbir S. Grewal and the Division of Consumer Affairs today announced a Chinese software and consumer electronics company has agreed to pay $100,000 and change its business practices to resolve the Division’s investigation into allegations it violated the Children’s Online Privacy Protection Act (“COPPA”) and the New Jersey Consumer Fraud Act (“CFA”) in collecting personal information from children who downloaded its mobile apps.
Meitu, Inc., and its subsidiary in charge of U.S. operations, Xiamen Meitu Technology Co., LTD. (collectively “Meitu”), based in Xiamen, China, allegedly failed to notify parents and obtain their consent before collecting personal information from children under the age of 13 who downloaded its apps, including photo-editing apps like “Beauty Plus” “AirBrush,” and “Meitu,” which allow users to beautify their selfies or turn them turn into anime-style cartoon characters.
As part of the settlement, Meitu agreed to make changes to its apps to block personal data collection from children who identify themselves as under 13, pay a $100,000 civil penalty and update its policies and procedures to comply with COPPA.
“Young children may be adept at downloading apps and accessing the internet, but they don’t always recognize the dangers that lurk there,” said Attorney General Grewal. “Our commitment is to ensure that the apps used by children do not expose their personal information to advertisers, identity thieves, or others seeking to improperly track them online.”
“This settlement sends a clear message that we will not allow app developers to skirt the laws designed to protect the privacy of children online,” said Kevin Jespersen, Acting Director of the Division of Consumer Affairs. “As a result of our investigation, Meitu has agreed to come into compliance with privacy law, and we hope and expect that any other app companies unlawfully collecting or sharing users’ information will follow suit.”
Under the terms of a Consent Order with the Division, Meitu agreed that with respect to any website or online service they operate that is directed to children or, with their actual knowledge, is collecting, using, and/or disclosing personal information from children, they will
- provide notice of what information they collect from children, how they use such information, and their disclosure practices for such information;
- obtain Parents’ Verifiable Consent (as defined in COPPA) prior to the collection, use, or disclosure of personal information of children; and
- provide reasonable means for a parent to review the personal information collected from a child, in accordance with COPPA.
The COPPA and its regulations (“COPPA Rule”) apply to operators of commercial websites and online services (including mobile apps) directed to children under 13, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
The primary goal of COPPA is to provide parents with control over what information is collected from their young children online, including first and last names, home addresses, screen names and other online contact information, telephone numbers, social security numbers, photographs, and IP addresses and other persistent identifiers that can be used to recognize a user over time and across different Web sites or online services.
Investigators Aziza Salikhova, Chris Spaldo, Elizabeth Perry and Walter Kaminski of the Division of Consumer Affairs’ Cyber Fraud Unit conducted this investigation.
Deputy Attorneys General Russell M. Smith, Jr. and Carla S. Pereira of the Affirmative Civil Enforcement Practice Group within the Division of Law represented the Division in this matter.