Attorney General Gurbir S. Grewal and the Division of Consumer Affairs today announced a Chinese software and consumer electronics company has agreed to pay $100,000 and change its business practices to resolve the Division’s investigation into allegations it violated the Children’s Online Privacy Protection Act and the New Jersey Consumer Fraud Act in collecting personal information from children who downloaded its mobile apps.
Officials said Meitu, Inc., and its subsidiary in charge of U.S. operations, Xiamen Meitu Technology Co., LTD. (collectively “Meitu”), based in Xiamen, China, allegedly failed to notify parents and obtain their consent before collecting personal information from children under the age of 13 who downloaded its apps, including photo-editing apps like “Beauty Plus” “AirBrush,” and “Meitu,” which allow users to beautify their selfies or turn them turn into anime-style cartoon characters.
According to authorities, as part of the settlement, Meitu agreed to make changes to its apps to block personal data collection from children who identify themselves as under 13, pay a $100,000 civil penalty and update its policies and procedures to comply with COPPA.
“Young children may be adept at downloading apps and accessing the internet, but they don’t always recognize the dangers that lurk there,” said Attorney General Grewal. “Our commitment is to ensure that the apps used by children do not expose their personal information to advertisers, identity thieves, or others seeking to improperly track them online.”
Under the terms of a Consent Order with the Division, Meitu agreed that with respect to any website or online service they operate that is directed to children or, with their actual knowledge, is collecting, using, and/or disclosing personal information from children, they will
* provide notice of what information they collect from children, how they use such information, and their disclosure practices for such information;
* obtain Parents’ Verifiable Consent (as defined in COPPA) prior to the collection, use, or disclosure of personal information of children; and
* provide reasonable means for a parent to review the personal information collected from a child, in accordance with COPPA.
With regard to its website in general, Meitu agreed to clearly and conspicuously post a privacy policy on its websites that, among other things, discloses how the Meitu websites and Meitu apps collect.
The COPPA and its regulations (“COPPA Rule”) apply to operators of commercial websites and online services (including mobile apps) directed to children under 13, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.
The primary goal of COPPA is to provide parents with control over what information is collected from their young children online, including first and last names, home addresses, screen names and other online contact information, telephone numbers, social security numbers, photographs, and IP addresses and other persistent identifiers that can be used to recognize a user over time and across different Web sites or online services.