$50,000: Price Tag For COPPA Violation By Mobile App Developer

Published On August 17, 2011 | By Randy Sabett | Litigation, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

The FTC has agreed to settle a case at the intersection of privacy, mobile computing, and children.  In what it described as “the Commission’s first case involving mobile applications,” the FTC announced on August 15 its agreement to settle a case involving violations of the Children’s Online Privacy Protection Act (COPPA) by W3 Innovations (which also does business as Broken Thumbs Apps; collectively the “defendants”).  Defendants develop mobile applications that include numerous iPhone and iPod Touch games.  The settlement shows that mobile application providers are not exempt from or outside the crosshairs of the FTC.  The settlement also provides several examples of practices that companies should carefully scrutinize before engaging in the marketing of mobile apps that might be attractive to users aged 13 and under.

In its complaint, the FTC alleged that many of the games Defendant offered via Apple’s App Store (including such titles as Emily’s Girl World, Emily’s Dress Up app, and Emily’s Runway High Fashion app) were directed at children.  The complaint points to the main screen of each of the apps, the types of games and activities available, and the defendant’s own marketing materials in support of the FTC’s position that the apps were directed to children.  Notably, the FTC quoted the defendant’s own www.brokenthumbsapps.com website as saying that the Emily’s Girl World app was “a fun story-telling app with charming graphics…which we thought that younger girls and nostalgic adults in particular might enjoy” (emphasis added).

The FTC further alleged that some of the W3 applications collected personal information of children without parental consent, as required by COPPA.  The FTC pointed out, for example, the Emily’s Girl World blog requires users to submit email addresses when sending “shout-outs” to their friends or sharing “blush stories.”  The Emily’s Girl World app and the Emily’s Dress Up & Shop app “also encourage a user to send emails to ‘Emily’ through the user’s mobile device” though which the defendants also required submission of an email address.  In total, the FTC found that the defendants had “collected and permanently maintained over 30,000 email addresses from users of the Emily’s Girls World app and the Emily Dress-up apps.”

Because the defendants did not (a) “maintain or link to an online notice of…information collection, user, and disclosure practices,” (b) “provide[] direct notice to parents of [its] practices regarding the collection, use, and/or disclosure of children’s personal information,” and (c) obtain[] verifiable consent from parents prior to collecting, using, or disclosing children’s personal information,” the FTC brought action against the defendants for COPPA violations.

In agreeing to the consent decree to settle the case, the defendants accepted a $50,000 fine.  As part of the settlement, however, the defendants also agreed to a set of ongoing obligations to comply with COPPA and delete all personal information that had been collected in violation of COPPA.  The consent decree now awaits approval by the U.S. District Court for the Northern District of California.

About The Author

Randy V. Sabett joined ZwillGen as Counsel in 2011. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. Specific areas on which he focuses include information security, privacy, IT licensing, IP strategy, big data, metrics, active defense, venture capital, legislative matters, government contracting, digital and electronic signatures, federated identity, state and federal information security and privacy laws, identity theft, and data breaches. He also drafts and negotiates a variety of technology transaction agreements.

Leave a Reply

Your email address will not be published. Required fields are marked *