From the Federal Trade Commission:
A developer of mobile applications, including children’s games for the iPhone and iPod touch, will pay $50,000 to settle Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule by illegally collecting and disclosing personal information from tens of thousands of children under age 13 without their parents’ prior consent. This is the Commission’s first case involving mobile applications, known as apps.
“The FTC’s COPPA Rule requires parental notice and consent before collecting children’s personal information online, whether through a website or a mobile app,” said Chairman Jon Leibowitz. “Companies must give parents the opportunity to make smart choices when it comes to their children’s sharing of information on smart phones.”
The FTC’s complaint charged that W3 Innovations, LLC, doing business as Broken Thumbs Apps, and company president and owner Justin Maples, develop and distribute mobile apps for the iPhone and iPod touch that allow users to play games and share information online. According to the FTC, several of the apps, including the Emily’s Girl World, Emily’s Dress Up, Emily’s Dress Up & Shop, and Emily’s Runway High Fashion, were directed to children and were listed in the Games-Kids section of Apple, Inc.’s App Store.
There have been more than 50,000 downloads of these apps, which allowed children to play classic games such as Cootie Catcher and Truth or Dare, and to create virtual models and design outfits. The Emily apps encouraged children to email “Emily” their comments and submit blogs to “Emily’s Blog” via email, such as “shout-outs” to friends and requests for advice. The FTC alleges that the defendants collected and maintained thousands of email addresses from users of the Emily apps.
In addition to collecting and maintaining children’s email addresses, the FTC alleges that the defendants also allowed children to publicly post information, including personal information, on message boards. These interactive apps send and receive information via the Internet, and are online services covered by the COPPA Rule, according to the FTC complaint.
According to the complaint, the defendants did not provide notice of their information- collection practices and did not obtain verifiable parental consent before collecting and/or disclosing personal information from children. The FTC charged that those practices violated the COPPA Rule.
In addition to imposing the $50,000 penalty, the settlement will bar the defendants from future violations of the COPPA Rule and require them to delete all personal information collected in violation of the Rule.
See also coverage by Jacqui Cheng on Ars Technica.