Posted on November 10, 2011 by David Silverman

FTC Consent Decree Reinforces Need for Websites Aimed at Kids to Comply with COPPA

If your station engages in children's programming and maintains a website or web page directed to children under the age of 13, this case may be of interest to you. 

The operator of a website called Skid-e-Kids, a self-described “Facebook and MySpace for kids,” has learned that it is not enough merely to have a privacy policy that requires parental consent prior to obtaining personal information online from children under the age of 13. Such website operators must actually abide by that policy as well. The Federal Trade Commission (FTC) reinforced that lesson via an enforcement action and settlement with the company this week.

Skid-e-Kids (skidekids.com) advertises itself as “Safe, Fun and very educational.” Their target group is children ages 7-14. The Children’s Online Privacy Protection Act of 1998 (COPPA) and corresponding FTC rule require parental consent before children under the age of 13 can be requested or required to provide personal information online.

Skid-e-Kids had a Privacy Policy that “requires child users to provide a parent’s valid email address in order to register on the website.” In practice, however, that was not the case. Children were required to provide a birth date, gender, user name, password and email address prior to using the website. Once that information was provided, the child was automatically registered on the website. Worse still, Skid-e-Kids did not even request a parent’s email address and made no attempt to notify parents or obtain parental consent.

The FTC discovered that Skid-e-Kids had collected and maintained personal information from approximately 5,600 children, apparently all without obtaining parental consent. As a result, the FTC filed a complaint against the website operator in the Northern District of Georgia, alleging violations of both COPPA, for failing to obtain parental consent for children under age 13, and of the FTC Act, for the site’s false and misleading representation that it did so.

This week, Jones O. Godwin, operator of the Skid-e-Kids website, entered into a Consent Decree, agreeing to comply with COPPA and to delete personal information obtained from children without parental consent. Godwin was also required to pay a civil penalty of $100,000, all but $1,000 of which was suspended pending compliance with COPPA and the Consent Decree for the next ten years. The Consent Decree also requires Godwin to retain an independent third party to assess the site’s compliance with COPPA for the next five years.

This case acts as a reminder that posting a COPPA-compliant policy is not enough. Stations that maintain websites or web pages directed to children under age 13 must actually obtain the necessary parental consent before proceeding to collect personal information from children.
Tags: , , , , , ,
Posted on September 19, 2011 by David Silverman

FTC Proposes New Rules for Websites Directed to Children

If your station programs to children under the age of 13 or maintains a website or online presence directed to children under age 13, you should be aware of new rules proposed by the Federal Trade Commission (FTC) that will affect both the types of information you are allowed to collect from children and the manner in which it is collected.  The proposed rules, summarized here, would modify the Children's Online Privacy Protection Rule enacted by the FTC to enforce the Children's Online Privacy Protection Act (COPPA) enacted by Congress in 2000.

COPPA requires parental consent whenever personal information is collected from children under the age of 13.  The proposed rules, which would be the first changes made by the FTC since COPPA was enacted, are intended to reflect the recent popularity of social networking, smartphones and the availability of geolocation information.

Stations that have websites or apps dedicated to youth sports leagues or other children's activities could well be subject to these requirements, summarized in our recent Client Advisory available here.  Interested parties may file comments on the new rules by November 28, 2011.

Tags: , , , , , , , , ,
Posted on May 26, 2011 by David Oxenford

A Summary of Privacy Issues for Broadcasters and Other Media Companies - A Presentation to the Texas Association of Broadcasters

Legal issues regarding privacy have long been an issue for broadcasters and other media companies.  Traditionally, privacy concerns for media companies have arisen in the context of news gathering, advertising or other on-air content that either was gathered in a way that intruded on someone's privacy, or which used private facts or personal images, without consent, for commercial purposes.   As technology developed, privacy related issues followed. There are legal restrictions setting out rules about using automated calling (or texting) for commercial purposes to people who have not consented, sending faxes to persons who have not given you permission to use their fax numbers, and sending unsolicited emails.  Online, the issues increase, with rules or policies in existence or in development.  There long have been rules about collecting personal information about children under the age of 13 (under COPPA - the Children's Online Privacy Protection Act, see information about a recent enforcement action here).  Other laws govern the need to keep secure any private information that you collect about others - like credit card information that you may collect from advertising clients or listeners who buy merchandise or other goods from the station (everything from tee shirts to Groupon-like coupons).  And recently, there have been a number of lawsuits and government actions targeting the collection and unauthorized use of personally identifiable information about website visitors (or those using a station App) without knowledge or consent.  All of these issues were discussed during a webinar that Ronnie London and I conducted for the Texas Association of Broadcasters.  The slides from that session, providing a good outline of many of the basic legal issues that arise in connection with privacy issues, are available here.

We've written about these new media privacy issues before, and our firm's Privacy and Security Blog cover these issues regularly.   This is an important area that broadcasters need to pay attention to, especially as they increase commercial activity from their websites, on mobile applications, and in other forms of digital media.  Plaintiff''s attorneys are looking for companies who do not adhere to their privacy policies or who provide personally identifiable information (known as "PII" in the privacy world) to third parties without permission.  Congress, the FTC, the FCC, and the Commerce Department have all been looking at new regulatory regimes to govern privacy in many areas - including enhanced and targeted advertising, and the use of geo-location information.  Pay attention to these development as, while the web offers many new opportunities to increase revenues, it also may well bring new legal concerns for broadcasters beyond those FCC issues with which broadcasters have so long concerned themselves.

Tags: , , , , , , , , ,