Saturn Technologies Failed to Verify Users’ School Email and Age to Ensure They Were High School StudentsApp Developer to Pay $650,000 in Penalties and Strengthen Privacy for Young UsersNew York Attorney General Letitia James announced a settlement with Saturn Technologies, a developer of an app called Saturn used by high school students, for failing to protect young users’ privacy. Saturn allows high school students to create a personal calendar, message other members, share social media accounts, join groups, and know where other users are located based on their calendars. Saturn Technologies claimed that its app only allowed users from the same high school to interact with each other. However, the Office of the Attorney General (OAG) investigation found that the company failed to verify users’ school email and age to ensure they were high school students and allowed users from different high schools to interact with each other. As a result of today’s settlement, Saturn Technologies must pay $650,000 in penalties and significantly change its practices to protect users.
“The Saturn App helps students stay up to date with school-related events, sports, exams, and homework, but it failed to protect young users’ safety and privacy,” said Attorney General James. “Saturn Technologies should have strictly verified users to ensure that they were actually high school students and should have made sure students were interacting with others in their high school, not strangers. With this settlement, Saturn Technologies will have to update its practices, better protect users, and keep its promises. My top priority is always to stand up for New Yorkers’ safety, especially when it comes to vulnerable youth.”
The Saturn app is a social network built around a customized calendar for high school students. The app allows students to choose their high school community and share personal information with that high school community, such as their name, picture, biography, social media links, and school schedule. Students could also befriend other users in their school and chat with them. Saturn Technologies promised users that their platform was limited to high school students who had been verified to attend the same school. Initially, Saturn required all app users to verify their membership in a particular high school community using their high school email credentials.
However, OAG found that in 2021, Saturn Technologies made email-based user verification optional and did not notify users of the change or modify the safety promises it had previously made. Saturn Technologies also turned off user verification for more than 4,000 high schools between 2021 and 2023, allowing anyone to join the students’ high school community and access their schedules and other personal information.
The OAG investigation also found that after Saturn Technologies made school email credential verification optional in 2021, it began to use unproven and untested user verification methods. One unproven method of verifying users as members of a high school community was checking whether they appeared in the phone contact books of as few as three other users. Another unproven method of verifying users as members of a high school community was confirming that the user was accepted as SaturnApp “friends” with as few as one other user. These methods of verification are not strong enough to confirm that a user belongs to a certain high school community.
The OAG’s investigation also determined that Saturn Technologies:
- Did not screen new users based on birth date to confirm that they were high school-aged until August 2023;
- Promoted its app through other high school students without disclosing that they were compensated for their promotions;
- Made a copy of users’ contact books (with names, personal phone numbers, and other contact information) and continued using the copies even if the user changed their phone settings to deny the app access to their contact book; and
- Failed to keep sufficient records regarding data privacy, data permissions, user verification, and user privacy.
This settlement requires Saturn Technologies to notify current users regarding verification changes to its app and provide users with options to modify their privacy settings. The company is also required to provide all current and future users under the age of 18 with enhanced privacy options, such as hiding social media accounts from non-friends. Saturn will also prompt all users under 18 to review their privacy settings every six months. In addition, Saturn Technologies is prohibited from making any future claims about user safety or user verification unless the company has a reasonable basis for making the claim based on competent and reliable scientific evidence.
This settlement also requires Saturn Technologies to:
- Limit the visibility of information about non-Saturn-using students that other Saturn users may enter into the app, such as the non-Saturn user’s class enrollment or event attendance;
- Allow teachers to block their name, initials, or other personal identifier from appearing in the app’s class schedule feature;
- Delete retained copies of the phone contact books of certain users; and
- Hide the personal information of current users under 18 until Saturn Technologies obtains informed consent to the new Saturn app terms.
Saturn Technologies is also required to pay $650,000 in penalties and costs to the state. The company will pay $200,000 immediately and $450,000 will be suspended to ensure SaturnTechnologies’ compliance with the settlement terms.
New York Attorney General Letitia James announced a settlement with Saturn Technologies, a developer of an app called Saturn used by high school students, for failing to protect young users’ privacy. Saturn allows high school students to create a personal calendar, message other members, share social media accounts, join groups, and know where other users are located based on their calendars. Saturn Technologies claimed that its app only allowed users from the same high school to interact with each other. However, the Office of the Attorney General (OAG) investigation found that the company failed to verify users’ school email and age to ensure they were high school students and allowed users from different high schools to interact with each other. As a result of today’s settlement, Saturn Technologies must pay $650,000 in penalties and significantly change its practices to protect users.
“The Saturn App helps students stay up to date with school-related events, sports, exams, and homework, but it failed to protect young users’ safety and privacy,” said Attorney General James. “Saturn Technologies should have strictly verified users to ensure that they were actually high school students and should have made sure students were interacting with others in their high school, not strangers. With this settlement, Saturn Technologies will have to update its practices, better protect users, and keep its promises. My top priority is always to stand up for New Yorkers’ safety, especially when it comes to vulnerable youth.”
The Saturn app is a social network built around a customized calendar for high school students. The app allows students to choose their high school community and share personal information with that high school community, such as their name, picture, biography, social media links, and school schedule. Students could also befriend other users in their school and chat with them. Saturn Technologies promised users that their platform was limited to high school students who had been verified to attend the same school. Initially, Saturn required all app users to verify their membership in a particular high school community using their high school email credentials.
However, OAG found that in 2021, Saturn Technologies made email-based user verification optional and did not notify users of the change or modify the safety promises it had previously made. Saturn Technologies also turned off user verification for more than 4,000 high schools between 2021 and 2023, allowing anyone to join the students’ high school community and access their schedules and other personal information.
The OAG investigation also found that after Saturn Technologies made school email credential verification optional in 2021, it began to use unproven and untested user verification methods. One unproven method of verifying users as members of a high school community was checking whether they appeared in the phone contact books of as few as three other users. Another unproven method of verifying users as members of a high school community was confirming that the user was accepted as SaturnApp “friends” with as few as one other user. These methods of verification are not strong enough to confirm that a user belongs to a certain high school community.
The OAG’s investigation also determined that Saturn Technologies:
- Did not screen new users based on birth date to confirm that they were high school-aged until August 2023;
- Promoted its app through other high school students without disclosing that they were compensated for their promotions;
- Made a copy of users’ contact books (with names, personal phone numbers, and other contact information) and continued using the copies even if the user changed their phone settings to deny the app access to their contact book; and
- Failed to keep sufficient records regarding data privacy, data permissions, user verification, and user privacy.
This settlement requires Saturn Technologies to notify current users regarding verification changes to its app and provide users with options to modify their privacy settings. The company is also required to provide all current and future users under the age of 18 with enhanced privacy options, such as hiding social media accounts from non-friends. Saturn will also prompt all users under 18 to review their privacy settings every six months. In addition, Saturn Technologies is prohibited from making any future claims about user safety or user verification unless the company has a reasonable basis for making the claim based on competent and reliable scientific evidence.
This settlement also requires Saturn Technologies to:
- Limit the visibility of information about non-Saturn-using students that other Saturn users may enter into the app, such as the non-Saturn user’s class enrollment or event attendance;
- Allow teachers to block their name, initials, or other personal identifier from appearing in the app’s class schedule feature;
- Delete retained copies of the phone contact books of certain users; and
- Hide the personal information of current users under 18 until Saturn Technologies obtains informed consent to the new Saturn app terms.
Saturn Technologies is also required to pay $650,000 in penalties and costs to the state. The company will pay $200,000 immediately and $450,000 will be suspended to ensure SaturnTechnologies’ compliance with the settlement terms.
No comments:
Post a Comment