The Federal Trade Commission today reached a $3 million settlement with 20 operators of online virtual worlds.  The settlement is the largest civil penalty that the FTC has obtained to date for a violation of the Children’s Online Privacy Protection Act (COPPA). 

The FTC alleged that the operators collected children’s ages and email addresses during registration and then enabled children to publicly post their full names, email addresses, instant messenger IDs, and location, among other information, on personal profile pages and in online community forums before obtaining parental consent.  Specifically, if a user entered age information indicating he or she was under 13, the operator displayed a message warning the user that: “You are under 13 years old and we cannot ask you for your email address.  In order to register, you must ask your Parent or Guardian to fill out this screen…”  Once a parent’s email address was provided, the child was granted full access to the virtual world.  The FTC did not believe this approach constituted the verifiable parental consent required for public disclosures of children’s information.  The FTC made similar claims against the social networking website Imbee.com in 2008.  

Children’s privacy is receiving the heightened attention of regulators.  For example, last week Senator Markey released a discussion draft of his Do Not Track Kids Act.  The bill would expand COPPA’s scope and impose new restrictions on the collection, use, and disclosure of information from children, and, in some cases, individuals under the age of 18.  In addition, the FTC is expected to announce the next steps in its COPPA Rule review in the next few months. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the…

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.