Recently, the Federal Trade Commission announced that it has settled charges against RockYou, a game and entertainment website.  The FTC alleged that RockYou knowingly collected email addresses and passwords and other information from 179,000 children without their parents’ consent.  It also alleged that RockYou failed to employ adequate security features to protect the information of its 32 million users.  The FTC claimed that RockYou’s actions violated the Children’s Online Privacy Protection Act (COPPA) Rule and Section 5 of the FTC Act, which prohibits unfair and deceptive trade acts.  As part of its settlement, RockYou agreed to pay $250,000.

The FTC alleged that in addition to collecting email addresses and passwords from users, including children, RockYou’s features enabled children to create profiles and upload personal information on picture slide shows.  According to the FTC, because the company collected users’ birth years, it knew that many of the people from whom it collected were children under the age of 13.  Under the COPPA Rule, websites collecting personal information from children under the age of 13 must obtain parental consent prior to information collection and must maintain a privacy policy detailing information collection practices with respect to children.  The FTC alleges that RockYou did not meet these requirements.  It also alleges that RockYou did not maintain adequate security for personal data despite making public assurances regarding its security features and despite the COPPA Rule’s requirement that companies maintain reasonable security procedures with respect to children’s personal information.

In addition to paying $250,000, under the proposed settlement RockYou agreed to implement a data security program, to direct users to an FTC website that provides guidance on protecting children’s privacy,  and to avoid making any future deceptive claims regarding privacy and data security.  Some of RockYou’s settlement obligations extend for twenty years, while others last a shorter length of time.


InsidePrivacy recently suffered technical problems that prevented us from publishing new stories.  We regret any inconvenience and are pleased to resume our normal publishing schedule.