By Lindsey Tonsager and Mike Nonaka

On October 2, 2012, the Federal Trade Commission filed a proposed consent decree resolving claims that Artist Arena LLC violated the Children’s Online Privacy Protection Act (COPPA) by collecting and disclosing email addresses, birth dates and other personal information from more than 100,000 children younger than the age of

Yesterday, the Federal Trade Commission (“FTC”) approved an agreement with MySpace to settle charges that the company misrepresented the extent to which it shared personal information with third-party advertisers.  MySpace’s privacy policy suggested that it would not share personally identifiable information (“PII”) with third parties without the user’s permission, but the Commission alleged that this

According to court documents filed last week, Netflix has agreed to change its data storage practices and pay about $9 million to settle allegations that it unlawfully retained and disclosed customers’ video-viewing histories.  Specifically, Netflix agreed to decouple viewing history from identification information once users have been inactive for a year; to pay $30,000 to the class representatives; to pay up to $2.25 million to class counsel; and to give the remaining funds to nonprofit organizations that provide privacy-related education.  The proposed settlement agreement has been submitted to the court for preliminary approval. 

The injunctive remedies, cy pres relief, and sizable award to class counsel in In re Netflix Privacy Litigation are consistent with settlements reached in earlier privacy-related lawsuits.  For example:

Continue Reading Netflix to Settle Video Privacy Suit

Yesterday, the FTC announced that MySpace has agreed to settle charges that it engaged in deceptive practices by disclosing personal information to third parties despite statements in its privacy policy suggesting it would not engage in such sharing.  The proposed settlement with MySpace reflects the FTC’s continuing concern with the privacy practices of social networking

Recently, the Federal Trade Commission announced that it has settled charges against RockYou, a game and entertainment website.  The FTC alleged that RockYou knowingly collected email addresses and passwords and other information from 179,000 children without their parents’ consent.  It also alleged that RockYou failed to employ adequate security features to protect the information of its 32 million users.  The FTC claimed that RockYou’s actions violated the Children’s Online Privacy Protection Act (COPPA) Rule and Section 5 of the FTC Act, which prohibits unfair and deceptive trade acts.  As part of its settlement, RockYou agreed to pay $250,000.

The FTC alleged that in addition to collecting email addresses and passwords from users, including children, RockYou’s features enabled children to create profiles and upload personal information on picture slide shows.  According to the FTC, because the company collected users’ birth years, it knew that many of the people from whom it collected were children under the age of 13.  Under the COPPA Rule, websites collecting personal information from children under the age of 13 must obtain parental consent prior to information collection and must maintain a privacy policy detailing information collection practices with respect to children.  The FTC alleges that RockYou did not meet these requirements.  It also alleges that RockYou did not maintain adequate security for personal data despite making public assurances regarding its security features and despite the COPPA Rule’s requirement that companies maintain reasonable security procedures with respect to children’s personal information.

Continue Reading RockYou Reaches Settlement With FTC Over Child Privacy and Data Security Allegations

Yesterday, the FTC announced that it has settled charges against Upromise, Inc., a company that enables consumers to receive rebates when shopping at partner merchants.  (The rebates are placed in college savings accounts—hence Upromise’s name.)  According to the Commission’s complaint, Upromise offered online users a toolbar feature, which, when downloaded, would highlight Upromise’s partners

Last week, the FTC announced that it has agreed to end its 18-month investigation of Facebook’s privacy practices, with a settlement that involved a twenty-year compliance plan and specific steps to formalize privacy within Facebook’s organization.  Though the proposed settlement, which will now be open for public comment, has met with a range of reactions, what we’re hearing most are questions about what the development means for the rest of the industry.

In its investigation, the FTC focused on a number of privacy practices that it claimed were misleading.  For example, the agency looked at changes that Facebook made to its privacy practices in 2009 that the FTC alleged led to changes in the privacy status of certain information.  The FTC also argued that Facebook hadn’t done enough to explain to users when their information might be shared with apps by their friends and how Facebook handled deletion of information.

In settling these charges, Facebook didn’t agree to these allegations or admit that it violated the law.  Instead, the company explained in a blog post that it signed the agreement to formalize its “commitment to do the things we’ve always tried to do and planned to keep doing — giving you tools to control who can see your information and then making sure only those people you intend can see it.”  Facebook also said that it agreed to “embrace [the FTC’s] ideas” about how it could enhance its internal privacy practices.

So what lessons can you take from the Facebook agreement if you’re not Facebook and aren’t directly obligated to comply with its terms?

Continue Reading Facebook’s FTC Agreement: What Does It Mean For Me?

Following a public comment period that began in March of this year, the Federal Trade Commission has accepted as final a settlement with Google relating to the social network “Buzz” product that was launched in 2010.  (For more details about the Buzz product and its launch see Inside Privacy’s prior post, here).  As the Commission’s press release states, “The settlement resolves charges that Google used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz . . . .”

The Commission voted 4-0  to approve the settlement, which imposes numerous requirements on Google, including:

Continue Reading Google Buzz FTC Settlement Accepted