COPPA Violations? Cop a Settlement for $3 Million

Playdom, Inc., an online game company owned by Disney Enterprises, Inc., and Playdom’s Chief Executive Officer, Howard Marks (the “Defendants”), agreed to pay $3 million to settle charges brought by the Federal Trade Commission (“FTC”) that they violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting, using and disclosing the personal information of children under the age of 13 without their parents’ prior, verifiable consent.  According to the FTC’s settlement announcement, the $3 million settlement is the largest civil penalty ever for a COPPA violation.

The FTC’s complaint, filed May 11, 2011, alleged that the Defendants operated 20 “virtual world” gaming websites and that when children registered on the websites, the Defendants collected children’s personal information, like their ages and email addresses. Between 2006 and 2010, around 403,000 children registered for Defendants’ general audience websites, while an additional 821,000 users registered for www.ponystars.com, the Defendants’ website directed to children. Once registered, children could create their own personal profile pages, which included things like name, location, email address and instant messaging information. The FTC claimed that the Defendants failed to provide sufficient notice on their websites of what information they collected from children and how they used and disclosed such information. The FTC also claimed that the Defendants failed to provide direct notice to the children’s parents of their collection, use and disclosure practices with regard to such information and failed to obtain parents’ verifiable consent to their practices.   

The FTC’s complaint also alleged that the Defendants failed to adhere to the promises set forth in their privacy policy, specifically, that they would neither collect the email addresses of children without parental consent, nor permit children under the age of 13 to post personal information on their websites.

It is worth noting that Playdom took ownership of the websites when it acquired Acclaim Games, Inc. in May 2010, and Disney subsequently acquired Playdom in August 2010. Although most of the violations occurred when Acclaim Games was operating independently, its acquirers ended up getting stuck with the tab.

Facebook Simplified Its Privacy Policy, But Has Anyone Noticed?

The blogosphere has been abuzz lately about Facebook’s new privacy settings, but lost amid all the noise is Facebook’s implementation of a new user-friendly privacy policy.

For those who haven’t been paying attention (or who haven’t logged on to Facebook lately), Facebook’s 350 million users are being asked to refine their privacy settings with a new software tool that allows users to dictate who has access to each category of content the user uploads to the website. Critics have slammed the updated privacy settings in large part because of certain personal information that is deemed public to all Facebook members: your name, city, gender, photograph, your lists of friends and “fan” pages, and networks to which you belong. Facebook is also being criticized for the default privacy settings, which would allow a user’s status updates and other content to be shared with anyone on the internet.  On December 17, 2009, the Electronic Privacy Information Center ("E.P.I.C."), joined by nine other privacy and consumer organizations, filed a complaint with the Federal Trade Commission asking for an investigation into these changes, which the complaint describes as "unfair and deceptive trade practices."

Lost amid this public outcry is Facebook’s recent move to a more user-friendly privacy policy. To comply with California’s Online Privacy Protection Act, operators of websites or online services that gather “personally identifying information” must conspicuously post their privacy policies online. This policy must (1) identify the personally identifying information the site or service collects and with whom it shares that information, (2) describe any available process by which a user may review and/or request changes to the personally identifiable information collected, (3) describe the process by which the site or service notifies users of material changes to its privacy policy, and (4) identify the policy’s effective date.

The problem with most privacy policies designed to comply with California’s law is that, generally speaking, privacy policies are dense and full of legalese. In the context of the federal Gramm-Leach-Bliley Act (“GLBA”), regulators have recognized that hard-to-read privacy policies are not helpful to consumers, and have taken steps to encourage more user-friendly privacy policies. (See our November 20 post regarding GLBA privacy notices here.) Facebook has responded to these concerns by adopting a completely rewritten privacy policy designed to make its policy more accessible and easier to understand.

For example, Facebook’s new policy includes a bullet point summary of key points at the beginning of the policy followed by section headings that allow users to jump to particular areas of the policy. Complex legal terms have been replaced throughout the policy by more basic language, with hyperlinks to pages containing more detail on key terms or issues. On Facebook’s company blog post detailing the new policy (available here), the company commits to adding additional definitions of key terms, screen shots of important pages, and “learn more” video content.

It isn’t hyperbole to say that Facebook’s privacy policies are subject to more public critique and impassioned criticism than any other in history. Regardless of your position on Facebook’s new default privacy settings, Facebook’s revised privacy policy is a step towards providing its users with clarity regarding how the information its users share is gathered and used. More importantly, the move toward a simpler online privacy policy is likely a sign of things to come in the Internet business community.