The FTC has decided not to pursue an enforcement action against Clearwater Aquarium for alleged violations of the Children’s Online Privacy Protection (“COPPA”) Rule.
In February 2012, the Children’s Advertising Review Unit (“CARU”) referred the Clearwater Aquarium’s website to the FTC for review under COPPA after the Aquarium reportedly did not respond to CARU’s inquiry. CARU claimed that the site featured a “Kidzone” where visitors could sign up for an e-newsletter by entering their first and last names, mailing and email addresses, and cellphone numbers. CARU was concerned that the Aquarium collected personally identifiable information from children under the age of thirteen without first obtaining parental consent and that the Aquarium’s privacy policy — which stated that it did not collect information from children under 18 without parental consent — did not accurately reflect its actual privacy practices.
After reviewing the website, the FTC concluded “that the information collection practices that had triggered CARU’s inquiry had been remedied.” The FTC declined to take any further action, instead referring the matter back to CARU.
CARU, a division of the Council of Better Business Bureaus, is a self-regulatory body that monitors websites for compliance with COPPA. Although CARU’s self-regulatory program is completely voluntary, CARU may refer cases to the FTC if companies refuse to respond to inquiry letters. The FTC reviews CARU’s case referrals to determine whether enforcement action is appropriate. Although the FTC has initiated enforcement actions in response to CARU referrals in the past, the Clearwater Aquarium case is a reminder that the FTC may decide no further action is necessary.