The Center for Digital Democracy (“CDD”) recently filed requests for investigation with the Federal Trade Commission (“FTC”) claiming that Marvel Entertainment and Sanrio Digital failed to comply with the Children’s Online Privacy Protection Act’s (“COPPA”) notice and consent requirements. 

• Marvel.  The Marvel filing alleges that Marvelkids.com is a child-directed website that collects personal information, such as IP addresses, and shares this information with third party ad networks without obtaining verifiable parental consent.  The filing notes that the site’s privacy policy has not been updated since the revisions to the COPPA Rule and claims that it is confusing and contradictory.  CDD also highlights Marvel’s participation in the Children’s Advertising Review Unit (“CARU”) and TRUSTe and requests that the FTC “investigate CARU and TRUSTe to determine whether those self-regulation programs are misleading to the public” and whether they are “doing enough to ensure compliance with their guidelines.”

• Hello Kitty.  The Sanrio filing is based on the Hello Kitty Carnival mobile app.  CDD alleges that the app collects personal information, such as device identifiers, photographs, and geolocation information, without obtaining verifiable parental consent.  Notably, CDD alleges that the app is child-directed despite Sanrio’s claim that the app does “not knowingly collect Personally Identifiable Information from persons under the age of 13.”   CDD focuses heavily on the third parties that appear to receive information from the Hello Kitty app and suggests that the FTC should also investigate their use of the information to see if any COPPA violations have occurred.  CDD also alleges that the app’s privacy policy is misleading and contradictory and that it fails to list third parties collecting personal information from the site.

We will continue to track these and other developments pertaining to children’s privacy.