Jam City Settles with California AG Over CCPA Violations
Jam City, a mobile game developer, recently reached a settlement with the California Attorney General (AG) regarding alleged violations of the California Consumer Privacy Act (CCPA). The complaint centered on deficiencies in the company’s handling of consumer data, particularly concerning opt-out mechanisms for targeted advertising and protections for minors.
Details of the Allegations
The AG’s complaint highlighted two primary areas of concern.first, Jam city’s method for allowing consumers to opt-out of targeted advertising – via email – was deemed insufficient under CCPA requirements. The law mandates a more robust and easily accessible opt-out process.
Second, the complaint focused on the handling of personal facts belonging to users under the age of 16. While Jam City implemented an age gate to collect user age data, it allegedly failed to consistently apply appropriate protections based on this information. Specifically,six of Jam City’s games did not automatically direct users aged 13-16 to a “child experience” version of the game,which blocked the “sale” of their personal information,resulting in the unauthorized “sale” of their data.
Legal Violations cited
the complaint alleged jam City violated both the CCPA (Cal. Civ. Code § 1798.100 et seq.) and California’s Unfair Competition Law (Cal. Bus. & Prof. Code § 17200 et seq.). The CCPA violations stemmed from “selling” and “sharing” consumer information without a compliant opt-out process and “selling” the data of minors (ages 13-16) without obtaining necessary consent. The Unfair Competition Law violation was alleged as a consequence of the CCPA breaches.
Terms of the Settlement
As part of the settlement judgment, Jam City agreed to the following:
* Civil Penalty: Pay a $1.4 million civil penalty to the state of California.
* Improved Opt-Out Mechanisms: Implement clear and conspicuous opt-out links for targeted advertising on both its mobile applications and website, ensuring compliance with legal requirements.
* Enhanced Age Screening: Implement age screening methods that do not default to ages 16 or over and avoid suggesting limited functionality for users who identify as under 16.The company will provide “child versions” of its applications to all users under 13 and to those between 13 and 16 who do not consent to the sale of their personal information.
* Compliance Program: Establish a extensive compliance program to regularly assess and monitor the effectiveness of its opt-out mechanisms and ensure adherence to obligations regarding minor users.
* Monitoring and Reporting: Submit to three years of monitoring and reporting requirements, including regular compliance reports to the California AG’s office.
Key Takeaways
This settlement underscores the California AG’s continued focus on fundamental CCPA compliance, particularly regarding accessible opt-out mechanisms. The $1.4 million penalty demonstrates the AG’s willingness to pursue substantial monetary settlements when businesses fail to implement required data privacy controls.
The case also highlights the importance of properly implementing and utilizing age screening features. Regulators may assume a business is aware of a consumer’s age if an age gate is used, and failure to then apply appropriate CCPA-required controls based on that information can lead to increased scrutiny.
Disclaimer: This summary is for informational purposes only and does not constitute legal advice. consult with legal counsel for advice tailored to your specific situation.
