Earlier today, the FTC announced its latest COPPA enforcement action (http://www.ftc.gov/opa/2009/10/iconix.shtm). Iconix Brand Group, Inc., the operator of websites featuring its apparel brands, was fined $250,000 for collecting personal information from children without complying with COPPA’s parental consent rubric.
The FTC cited the websites associated with the brands Mudd, Candie’s, Bongo and OP, which are popular with children and teens. The FTC did not characterize Iconix’s websites as ones “directed to children.” According to the FTC’s complaint, the websites each have online registration processes that, among other things, collect the birthdate of users; and Iconix violated COPPA by collecting personal information from approximately 1000 users who identified themselves as under 13. The collection occurred both through website and sweepstakes registration, post-registration email marketing, and also through public disclosure at a “Share Your Story” feature on one of the websites.
The FTC also cited Iconix for stating in its privacy policy that it would not collect personal information from children without parental consent, when its practices did not conform to its policy.
General audience websites that collect birthdate or age-related information from their users should employ an FTC-compliant neutral age-screening mechanism to ensure that if a user enters information disclosing that he or she is under 13, the website operator does not collect or disclose personally identifiable information from that user.