Why should a business be concerned with a Delaware law if it is not based in Delaware?
DOPPA is applicable to all websites and mobile applications (“applications”) that are accessible to Delaware consumers. Because of the nature of the Internet, all domestic and international websites and applications can potentially (and many likely do) reach Delaware consumers.
Who is covered by DOPPA?
DOPPA apples to every “operator” of an “Internet service,” which means the owner of “any service, system, website, application or program, or portion thereof, which accesses the Internet or provides a user with access to the Internet.” Accordingly, DOPPA is applicable to all website owners and application owners, among others.
What are the relevant definitions under DOPPA?
Under DOPPA, “personally identifiable information” (“PII”) is defined as “any information about an individual that, individually or in combination with other information, can be used to distinguish or trace the identity of the individual.” PII includes an individual’s name, signature, physical characteristics or description (including a photograph), street address, phone number, social security number, school or education history, passport number, and other similar information.
DOPPA defines “marketing or advertising” as “making a communication or arranging for a communication to be made, in exchange for compensation, about a product or service the primary purpose of which is to encourage recipients of the communication to purchase or use the product or service.” Thus, if a website or application is selling goods or marketing the goods of others, including through any form of paid advertising on the website or application, it would meet this definition.
What are the New Marketing and Advertising Requirements With Respect to Children?
DOPPA prohibits websites and applications that are directed to children from advertising or marketing certain products and services, including alcohol, tobacco, firearms, dietary supplements and sexually-oriented material. Unlike the current restrictions in the federal Children's Online Privacy Protection Act that regulate online content directed to those under the age of 13, DOPPA defines children as anyone under the age of 18, thereby casting a significantly wider net.
Additionally, to ensure that children are not exposed to inappropriate advertising content, even websites and applications that are not directed to children, but which have “actual knowledge” that children access the website or application, must refrain from engaging in targeted advertising of any of the prohibited products or services if the marketing or advertisement is based on the child's PII. Furthermore, the operator of such a website or application must not disclose or compile a child's PII if the operator knows that the child's PII will be used to market or advertise any of the prohibited products or services.
What are the New Digital Book Service Information Disclosure Requirements?
DOPPA also imposes numerous restrictions on the disclosure of PII and other personal information by providers of e-books and other digital book services. These restrictions prohibit the disclosure of personal information regarding the users of digital book services to law enforcement entities, governmental entities and other third parties, except in certain limited circumstances.
Disclosure of a user’s personal information to law enforcement agencies is permitted if it is pursuant to any lawful method by which the agency is permitted to obtain such information, including in instances where there is imminent danger of death or serious injury. However, disclosure to government agencies and other third parties generally require the digital book service provider to give the user whose information will be disclosed an opportunity to contest the disclosure.
In addition, absent certain limited exemptions, DOPPA requires digital book service providers to post online an annual report that sets forth information about the provider's disclosures of its users' personal information.
What are the consequences for failing to comply with these new requirements?
If a company fails to comply with DOPPA, the Attorney General of the Department of Justice has specific statutory authority to prosecute violations, successful prosecution of which will result in the imposition of civil and criminal penalties, including fines. - Angelina Bruno-Metzger