If you operate a website, game or app you should consider whether the U.S. Children’s Online Privacy Protection Act (COPPA) applies to your data collection practices.  Even if you complied with COPPA in the past, it is surprisingly easy to violate in the future when the development team adds new features without running them by legal counsel.

COPPA applies to your website, game or app in any of these four scenarios:

1.  if directed to children under 13 and you collect personal information from them;

2.  if directed to children under 13 and you let others collect personal information from them;

3.  if you have a general audience, but actually know that you collect personal information from children under 13; or

4.  if you operate a plug-in or other third party service, and have actual knowledge that you collect personal information from websites, games or apps directed to children under 13.

What is personal information?  Personal information is information that can identify a user, such as their full name, email address (or other persistent online identifier), image, voice or geolocation data.

How do you know if your website, game or app is directed at children under 13?  A number of factors are considered, such as subject matter, content, whether animated characters are used, child-oriented activities or incentives, ads directed at children or any other evidence regarding the age of the actual or intended user base.

Can I use an age screen?  Maybe (my apologies for the typical lawyer answer).  Age screens are permitted if the service does not target children as its primary audience.  The determination of primary audience is (once again) a factor-oriented analysis.

Penalty?  Penalties depend on a number of factors, but each violation can cost up to $16,000.

COPPA will not always apply to your website, app or game but you should consult legal counsel to determine whether COPPA applies.  Additionally, before adding any new features that collect personal information, consult with legal counsel once again to ensure that these new features don’t implicate COPPA.

Startups and video game companies often ask me to draft a privacy policy AFTER development is complete. Unfortunately, developers often fail to track their software’s information collection features and 3rd party plugins used for data collection during development.  As a result, privacy policy drafting may require development backtracking to determine these collection practices.

I recommend that developers consider privacy as part of the development process. This simplifies the process of drafting a Privacy Policy, documents all information collection features in your software to assist with future development and may lower legal fees!

During development, consider the following:

1. Collect the minimum.  Only collect the minimum amount of information your company needs as this simplifies the privacy policy and is appreciated by users.

2. What are you collecting?  Create a list of all information that your software collects and make sure this list is shared between development teams and is kept up to date.  If possible, separate this information into “Personal”, such as first and last names, geolocation data or email addresses, and “Anonymous”, such as number of clicks or how long a user stayed on a page.

3. What are you using this information for?  Opposite each piece of information you collect, note what you are using this information for.  For example, in a restaurant app, beside geolocation data:  “determines user location to list nearby businesses that are similar to type requested by user”.  If you can’t find a use for information, consider not collecting that information.

4. Are you disclosing this information outside the company?  Opposite each piece of information you collect, note if you disclose that information to 3rd parties outside of your company and how those companies are using this information.

5. 3rd party plugins?  Keep track of 3rd party plugins/APIs incorporated into your software and, if possible, determine the collection practices of these 3rd party plugins/APIs as this information is also incorporated into the privacy policy.

Considering privacy as part of the development process will impose an organizational structure on your information collection practices to assist with future development and greatly assist your lawyer when preparing your privacy policy.

Exercise caution when deciding to insert a shotgun clause into your Shareholders’ Agreement.  Often, for startups, a shotgun clause may do more harm than good.

A shotgun clause forces a shareholder out of the company. By exercising the clause, Shareholder 1 forces Shareholder 2 to either:

• • sell all Shareholder 2’s shares to Shareholder 1 at a set price; or
  • buy all Shareholder 1’s shares at that same price.

those are the only options.  While this might seem an excellent way to remove a founder who is not pulling their weight, there are a number of risks associated with the clause.

1. A shotgun clause may create a perception that there is conflict within the founding team.  Investors invest in a startup’s technology AND the founding team.  An early-stage startup that loses its team has a high chance of failing and, as such, investors want to ensure that the team stays together to protect their investment.  A shotgun clause is a heavy handed way of dealing with disagreements among shareholders and may cause investors to think that the startup team has underlying disagreements that may result in its breakup.   While an investor could simply ask that the shotgun clause be removed, the negative perception created by the clause may push away investors before investment discussions even begin.
2. A shotgun clause may create conflict.  The mere existence of a shotgun clause may exacerbate conflict within a startup team as members know that an extreme solution is always available to solve a disagreement.  By its very existence, the shotgun clause may preclude reasoned negotiation.
3. A shotgun clause may force you out of your company.  Whoever is richest wins with a shotgun clause – if you can’t afford to buy shares, you have to sell.  A shotgun clause could be used by investors to force you out of the startup you founded, given their superior financial means.

If you are seriously considering a shotgun clause in your shareholders’ agreement, ask yourself, “why it is needed?”  If you are not confident in a team member’s commitment then reconsider whether they are truly essential to the company.  Hopefully consideration of a shotgun clause will cause you to consider the makeup of your founding team and, in the long term, create a stronger company.

Solution:  reverse vest all founders’ equity to ensure that key team members remain for as long as needed.

Startups, especially those at an early stage, focus on building a positive reputation among their users.  Unfortunately, different team members can harm your startup’s reputation – including the legal team when they police your trademarks!

I have noticed a growing number of negative consumer responses to otherwise standard trademark policing actions, primarily cease and desist letters.  Attempts to protect a brand now have the potential to generate negative consumer perception of that brand and may require a trademark policing strategy that considers consumer perception.  Trademark policing involves searching for (among others) unauthorized use of your trademark or trademarks that are confusingly similar to your own.  I must stress that trademarks must be policied.  However, in scenarios where trademark infringement or confusing similarity is extremely weak, I believe that your legal team should factor negative consumer perception into the decision to undertake policing action.

Consider these two questions when determining whether negative consumer perception will result from a policing action:

1. Size of market and consumer knowledge?

The potential for negative consumer perception is greater in a small market with informed consumers.

2. Size of enforcing party relative to allegedly infringing party?

The potential for negative consumer perception is greater in a David versus Goliath scenario.

In the sports world, two large companies recently undertook trademark policing actions against small, local companies with loyal consumer bases.  The result was an uprising of support from around the world for the small companies and substantial negative consumer perception of the large companies.

While policing trademarks is necessary, overzealous policing action may not be.  Startups should consider the impact questionable policing actions might have on their brand, balancing protection and consumer perception.

Solution:  keep in touch with your legal team and understand their trademark policing strategies.