FTC Children's Privacy Enforcement Goes Mobile
In a landmark action, the Federal Trade Commission (FTC) has charged a mobile application developer with violating federal children's privacy laws and regulations. On August 15, 2011, the FTC announced that W3 Innovations, LLC, a developer of mobile applications for the iPhone and iPod Touch, will pay $50,000 as part of a consent decree to settle charges that it illegally collected information from children without first obtaining parental consent. This is the first time that the FTC has charged a mobile application developer with violating the Children's Online Privacy Protection Act (COPPA).
W3 Innovations develops applications built around a central character named Emily, including Emily's Girl World, Emily's Dress Up, Emily's Dress Up & Shop and Emily's Runway High Fashion. According to the FTC, the applications were downloaded more than 50,000 times from the iTunes App Store, where they were listed in the Games-Kids section.
Under COPPA and the FTC's corresponding COPPA Rule, a website operator may not collect personal information (such as a first and last name, address, phone number, e-mail address or social security number) from children under 13 without first obtaining consent from their parents. Additionally, website operators that collect personal information from children must post an accurate privacy policy online.
The FTC alleged that W3 Innovations used the Emily-themed applications to collect thousands of e-mail addresses by encouraging children to e-mail "Emily" and to submit blogs via e-mail. The applications also allowed users to post information, including personal information, on public message boards.
In charging W3 Innovations under COPPA, the FTC determined that because the applications send and receive information over the Internet, they constitute online services and are thus subject to the law and regulations. Although this is the first time that the FTC has charged an application developer under COPPA, the FTC has previously declared that mobile applications could constitute online services.
In addition, this FTC action appears to be the first to charge COPPA violations on the basis of emails sent by children. Agency staff have long held that COPPA applies to personal information collected from email, as well as from websites.
This action should serve as a reminder to companies that operate mobile applications to ensure that those applications comply with COPPA and other federal privacy laws. They should ensure that invitations to contact the business online -- whether by email or otherwise -- are not directed to children without meeting COPPA's standards. Companies should review their websites, mobile applications, social networking and other online services to ensure that they are not inappropriately collecting information from children younger than 13.