As we have previously discussed, the Federal Trade Commission’s (“FTC”) amendments to the Children’s Online Privacy Protection Act (“COPPA”) have recently gone into effect. The purpose of the amendments was to strengthen COPPA’s protection of online and mobile privacy for children under the age of 13. On December 18, 2013, the Center for Digital Democracy (“CDD”) became one of the first organizations to file Requests for Investigations (“Complaints”) with the FTC under COPPA’s new rules. Specifically, the CDD has alleged that Disney’s MarvelKids.com and Sanrio’s Hello Kitty Carnival mobile applications (“Apps”) fail to obtain parental consent before collecting, and likely sharing, personal information from children below the age of 13. The CDD’s Complaints request that the FTC immediately investigate both respondents and take action to enforce the requirements of COPPA.
The Disney COPPA Complaint
According to the CDD, the website MarvelKids.com, with a Privacy Policy last updated April 1, 2012 (before the COPPA amendments went into effect), holds itself out as a website for children, while collecting personal information about those children without obtaining parental consent. Using the Privacy Policy available on the website, the CDD points out that Marvel uses the MavelKids.com website to track users over time and across different websites, creating profiles of those who use the website. Additionally, the CDD retained a privacy expert who found that Marvel places a cookie in each child’s Internet browser. Not only does Marvel share the personal information it collects, but according to the Complaint, it also allows third-parties to track children who have visited the website. In all of this, Marvel neither seeks nor obtains parental consent in violation of the new COPPA rules, according to the Complaint.
In response to the Complaint, Marvel issued a statement, noting that “[c]ontrary to any suggestions in the . . . complaint filed by the [CDD], we are fully mindful of our obligations under COPPA and have robust processes in place that meet them.”
The Sarino COPPA Complaint
The CDD’s Complaint against Sarino makes similar allegations regarding its Hello Kitty Carnival App. However, according to the Complaint, the App not only allows Saniro to obtain personal information from the children who use it, but it also allows third parties to collect location and unique device identifier information without obtaining parental consent. Moreover, the App also allows third parties to access the user’s photographs without obtaining consent. According to the Complaint, “[b]ecause Hello Kitty Carnival is a mobile app targeted to children under the age of 13, it must treat all users as children and may only collect personal information after it complies with the COPPA Rule’s requirements.” Sarino has yet to comment on the Complaint.
Protect Yourself
We have previously noted that the new COPPA rules would have serious consequences for online marketers. (See, July’s New COPPA Requirements and Their Effect on Mobile Apps and FTC Amends the Children’s Online Privacy Protection Rule (COPPA)). The FTC is increasingly receiving complaints and launching investigations concerning online advertisers and marketers who collect and disseminate the personal information of minors. Therefore, it is critical that companies with an online and mobile presence seek competent counsel in connection with crafting their information collection, use and sharing practices.
If you have been served with legal process relating to COPPA or your data collection, use and/or sharing practices, please e-mail us at info@kleinmoynihan.com or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising