Companies that market products and services to children online increasingly are finding themselves in the crosshairs of the Federal Trade Commission.

The FTC said that it continues to monitor the rapidly expanding mobile-technology space in search of deceptive and unfair practices, especially those that involve children and purchases within mobile apps.

The agency reached a $19 million settlement this month with Google for purchases made by children through apps downloaded from the Google Play store. The FTC says the service didn’t do enough to ensure that the purchases were approved by adults before they were made. It reached a similar settlement with Apple in January and has filed a charge with Amazon. The move could signal a broader focus by the FTC on all marketing that is aimed at children.

Ensuring that consumers consent to charges made to their credit cards is “a classic FTC enforcement area,” says Joseph Sanscrainte of the law office of Joseph Sanscrainte, who specializes in matters involving marketing and advertising practices.

While the FTC has policed credit card practices for years, the mobile space is on the “cutting-edge of technology,” and, thus, is an FTC enforcement area that’s still developing, Sanscrainte says. Because children spend a great deal of time online playing games, “I do anticipate the FTC is going to be monitoring this area very closely,” he says.

The FTC has indicated as much: “As more Americans embrace mobile technology, it’s vital to remind companies that time-tested consumer protections still apply, including that consumers should not be charged for purchases they did not authorize,” FTC Chairwoman Edith Ramirez said in a statement.

According to the FTC’s complaint against Google, the tech giant violated the FTC Act’s prohibition on unfair commercial practices by billing consumers, since 2001, for charges by children made within kids’ apps downloaded from the Google Play store.

Under the terms of the settlement, Google agreed to pay a minimum of $19 million in full refunds to consumers who were unlawfully charged. It also agreed to modify its billing practices to ensure that it obtains express, informed consent from consumers before charging them for items sold in mobile apps in the future.

“As more Americans embrace mobile technology, it’s vital to remind companies that time-tested consumer protections still apply, including that consumers should not be charged for purchases they did not authorize.”
Edith Ramirez, Chairwoman, Federal Trade Commission

The Google settlement marks the FTC’s third complaint relating to children’s in-app purchases. In January, Apple also reached a settlement with the FTC for similar violations. Under the terms of that settlement, Apple agreed to pay $32.5 million in refunds to consumers who were unlawfully charged, and also modified its billing practices to ensure that it obtains express consent from parents or guardians before charging them for items sold in mobile apps, including those that are popular with children. If Apple gets consumers’ consent for future charges, consumers must have the option to withdraw their consent at any time.

The FTC then followed up its consent order with Apple to lodge a similar complaint against Amazon. Together, these three actions are “consistent with the FTC’s focus on mobile platforms and privacy and disclosures specific to children’s mobile apps,” Dana Rosenfeld, a partner with the law firm Kelley Drye, says.

Unlike Google and Apple, however, Amazon has decided to contest the FTC’s allegations. “The Commission’s unwillingness to depart from the precedent it set with Apple, despite our very different facts leaves us no choice but to defend our approach in court,” Andrew DeVore, Amazon’s general counsel, wrote in a letter to the FTC.

According to the FTC’s complaint, Amazon failed to get customers’ informed consent to in-app charges made by children and did not address that problem quickly or effectively enough in response to customer complaints.


Below, in the complaint against Google, the court explains the company’s inappropriate actions.
Google offers thousands of apps for free or a specific dollar amount, including games that children are likely to play. In many instances, after installation, children can obtain virtual items within a game, many of which cost money. Google bills charges for items that cost money within an app—“in-app charges”—to the parent. Although the issue of unauthorized charges in kids’ apps had received media scrutiny before Google introduced in-app charges to its app store in March 2011, Google began billing for such charges without any password requirement or other method to ensure account holder authorization. In fact just weeks after it began billing for in-app charges, Google began receiving complaints from parents and other consumers about being billed for unauthorized charges by children. Yet Google took no steps to require account holder involvement within an app prior to in-app charges being incurred by children until mid- to late 2012. Currently, in connection with billing for children’s in-app charges, Google only sometimes requests a parent’s Google password. In many instances, once the password is entered, Google begins a thirty- minute window during which purchases can be made by children without further action by the account holder. During this process, Google in many instances has not informed account holders that password entry would approve a charge or initiation a thirty-minute window during which children using the app can incur charges without further action by the account holder. Through these practices, Google often has failed to obtain parents’ informed consent to charges incurred by children. As a result, parents and other Google account holders have suffered significant monetary injury, with many thousands of consumers complaining about unauthorized in-app charges by children, and many consumers reporting hundreds of dollars in such charges.
Source: FTC Google Complaint.

Amazon has hotly contested the FTC’s allegations. “We have made clear from the outset of your inquiry, our experience at launch was responsible, customer-focused, and lawful, including prominent notice of in-app purchasing, effective parental controls, real-time notice of every in-app purchase, and world-class customer service,” DeVore wrote in the letter to the FTC.

Amazon’s frustrations are understandable. Companies that provide mobile app services walk a very fine line between providing convenience to their customers and complying with the FTC’s consumer protection requirements, Sanscrainte says.

Neither Google, Apple, nor Amazon intended to specifically target children with their services, he says. “I don’t think there was any nefarious intent on the part of these companies,” Sanscrainte says.  Rather, their intent was to provide their customers with an easy way to make purchases online, “but in the process they made things so convenient that even children can figure it out,” he says.

Broader Enforcement

From a broader enforcement perspective, other companies can avoid similar FTC complaints simply by ensuring that every time they charge a credit card online that the card owner consents to those charges. “There has to be some notification with regard to each separate charge,” Sanscrainte says.

Additionally, companies usually encounter several advance warnings prior to the FTC bringing an enforcement action. “The FTC is reactive, not proactive, when it comes to enforcement,” Sanscrainte says. That means the agency typically initiates an investigation only after enough consumers have lodged previous complaints against the company. 

According to the FTC, Apple, Amazon, and Google each received thousands of complaints about unauthorized in-app charges. Apple, in particular, received “at least tens of thousands of complaints,” the FTC stated.

COPPA Enforcement

Aside from more enforcement in the mobile-technology space, companies can also anticipate tighter laws and enforcement concerning the collection of personal information from children online under the Children’s Online Privacy Protection Act (COPPA).

Under COPPA, companies whose apps collect, store, or transmit personal information from children under the age of 13 must get parents’ consent before collecting that information. Since enactment of the original COPPA rule in 2000, the FTC has brought charges against seven companies. “There hasn’t been a huge amount of enforcement,” Sanscrainte says.

Given the volume of online activity by children, however, more enforcement may be on the way. “Companies need to very carefully monitor what it is they are collecting,” Sanscrainte says.

The FTC revised COPPA in December 2012—amendments that took effect on July 1, 2013—but more stringent COPPA rules may be on the way. On its Website, the FTC said it’s currently “conducting a review of what changes, if any, should be made to COPPA to reflect the changes that may have been brought about by technological changes such as the rapid adoption of mobile devices.”

The good news is that the rule includes a provision that allows industry groups and others to submit self-regulatory guidelines to the FTC for approval as a safe harbor program. Companies that participate in an approved program will be deemed compliant with COPPA.

To receive FTC approval, self-regulatory guidelines must:

Require that participants in the safe-harbor program implement substantially similar requirements that provide the same or greater protections for children as those contained in COPPA;

Include an effective, mandatory mechanism for the independent assessment of the safe harbor program participants’ compliance with the guidelines; and

Establish disciplinary actions for non-compliance by safe-harbor participants.

Since COPPA took effect in April 2000, seven groups—the Children’s Advertising Review Unit of the Council of Better Business Bureaus, the Entertainment Software Rating Board, Aristotle, TrustE, PRIVO, KidSAFE, and iKeepSafe—have received FTC approval for their safe-harbor programs.

“As mobile technologies continue to expand at such a rapid pace,” Rosenfeld says, the FTC will “continue its efforts to address the myriad consumer protection issues in the mobile environment—from mobile payments to use of disclosures and privacy and data security.”