privacy and digital media - Broadcast Law Blog

FTC Consent Decree Reinforces Need for Websites Aimed at Kids to Comply with COPPA

David Silverman — Thu, 10 Nov 2011 15:31:39 -0500

If your station engages in children's programming and maintains a website or web page directed to children under the age of 13, this case may be of interest to you.

The operator of a website called Skid-e-Kids, a self-described “Facebook and MySpace for kids,” has learned that it is not enough merely to have a privacy policy that requires parental consent prior to obtaining personal information online from children under the age of 13. Such website operators must actually abide by that policy as well. The Federal Trade Commission (FTC) reinforced that lesson via an enforcement action and settlement with the company this week.

Skid-e-Kids (skidekids.com) advertises itself as “Safe, Fun and very educational.” Their target group is children ages 7-14. The Children’s Online Privacy Protection Act of 1998 (COPPA) and corresponding FTC rule require parental consent before children under the age of 13 can be requested or required to provide personal information online.

Skid-e-Kids had a Privacy Policy that “requires child users to provide a parent’s valid email address in order to register on the website.” In practice, however, that was not the case. Children were required to provide a birth date, gender, user name, password and email address prior to using the website. Once that information was provided, the child was automatically registered on the website. Worse still, Skid-e-Kids did not even request a parent’s email address and made no attempt to notify parents or obtain parental consent.

]]>The FTC discovered that Skid-e-Kids had collected and maintained personal information from approximately 5,600 children, apparently all without obtaining parental consent. As a result, the FTC filed a complaint against the website operator in the Northern District of Georgia, alleging violations of both COPPA, for failing to obtain parental consent for children under age 13, and of the FTC Act, for the site’s false and misleading representation that it did so.

This week, Jones O. Godwin, operator of the Skid-e-Kids website, entered into a Consent Decree, agreeing to comply with COPPA and to delete personal information obtained from children without parental consent. Godwin was also required to pay a civil penalty of $100,000, all but $1,000 of which was suspended pending compliance with COPPA and the Consent Decree for the next ten years. The Consent Decree also requires Godwin to retain an independent third party to assess the site’s compliance with COPPA for the next five years.

This case acts as a reminder that posting a COPPA-compliant policy is not enough. Stations that maintain websites or web pages directed to children under age 13 must actually obtain the necessary parental consent before proceeding to collect personal information from children.

A Summary of Privacy Issues for Broadcasters and Other Media Companies - A Presentation to the Texas Association of Broadcasters

David Oxenford — Thu, 26 May 2011 08:30:19 -0500

Legal issues regarding privacy have long been an issue for broadcasters and other media companies. Traditionally, privacy concerns for media companies have arisen in the context of news gathering, advertising or other on-air content that either was gathered in a way that intruded on someone's privacy, or which used private facts or personal images, without consent, for commercial purposes. As technology developed, privacy related issues followed. There are legal restrictions setting out rules about using automated calling (or texting) for commercial purposes to people who have not consented, sending faxes to persons who have not given you permission to use their fax numbers, and sending unsolicited emails. Online, the issues increase, with rules or policies in existence or in development. There long have been rules about collecting personal information about children under the age of 13 (under COPPA - the Children's Online Privacy Protection Act, see information about a recent enforcement action here). Other laws govern the need to keep secure any private information that you collect about others - like credit card information that you may collect from advertising clients or listeners who buy merchandise or other goods from the station (everything from tee shirts to Groupon-like coupons). And recently, there have been a number of lawsuits and government actions targeting the collection and unauthorized use of personally identifiable information about website visitors (or those using a station App) without knowledge or consent. All of these issues were discussed during a webinar that Ronnie London and I conducted for the Texas Association of Broadcasters. The slides from that session, providing a good outline of many of the basic legal issues that arise in connection with privacy issues, are available here.

We've written about these new media privacy issues before, and our firm's Privacy and Security Blog cover these issues regularly. This is an important area that broadcasters need to pay attention to, especially as they increase commercial activity from their websites, on mobile applications, and in other forms of digital media. Plaintiff''s attorneys are looking for companies who do not adhere to their privacy policies or who provide personally identifiable information (known as "PII" in the privacy world) to third parties without permission. Congress, the FTC, the FCC, and the Commerce Department have all been looking at new regulatory regimes to govern privacy in many areas - including enhanced and targeted advertising, and the use of geo-location information. Pay attention to these development as, while the web offers many new opportunities to increase revenues, it also may well bring new legal concerns for broadcasters beyond those FCC issues with which broadcasters have so long concerned themselves.

Pandora Gets Subpoena About Mobile App - Privacy, the Next Big Issue for Digital Media Companies

David Oxenford — Mon, 11 Apr 2011 02:20:23 -0500

As broadcasters pursue their digital future, new legal issues arise to greet their entry into the on-line world and to add to the challenges posed by the new media. Over the last few years, we’ve have written extensively about music rights and their impact on webcasters, broadcasters, and other digital media companies. We’ve talked about patent law issues that have faced digital media companies. And we’ve discussed other content issues, like FTC online sponsorship disclosure requirements, that have arisen from time to time. But the one issue that now seems poised to dominate the legal conversation in coming months (or years) is that of privacy. This past week, we saw Pandora announce that it has received a subpoena from a Federal grand jury in connection with an investigation into the use of information collected from various mobile apps, and whether users of these apps were aware of the use of their private information. Other companies apparently received this same request. This investigation is but the tip of the iceberg on privacy issues facing media companies operating in the digital world - challenges coming from the courts and from legislative and administrative initiatives in Washington.

Everyone knows that one of the great benefits of the Internet and the many services available on-line and through mobile apps, is the ability to personalize so as to provide a unique listening or viewing experience for every user. Instead of being limited to the linear programming that a broadcast service provides to all users at the same time, users can tailor their digital media experience to give them what they want and, as wireless broadband penetration increases through smart phones and other devices, almost whenever they want it. In some cases, the costs of providing an individualized service, because of bandwidth needs, royalties and license fees and for other reasons, the cost per each additional listener is often higher than that incurred by the traditional media. And online users thus far have been unwilling to tolerate the commercial advertising load that a traditional media experience might provide. To meet these higher marginal costs, and the lower spot loads, many digital media companies have looked to personalization of advertising to allow for higher advertising rates on the theory that advertising will be more efficient if you can guarantee that it will be targeted to reach its intended audience – geographical, demographic or based on expressed interests. As digital media companies have sought to refine the targeting available through their advertising, privacy issues have arisen.

]]>Many people fear that the information collected by digital media companies will invade their privacy in some way or another. While the current uses of this information is to provide advertisers with the ability to target their advertising at individuals more likely to act on that advertising, and otherwise serve the interests of the user, some have speculated that the information, based on personally surrendered information or from information based on an Internet browsing history, could somehow be compiled and made available for some nefarious purposes (identity theft, personal or professional embarrassment, etc). Others simply don't like the idea that information about them is being gathered for someone else's financial gain (even though that gain is being used to pay for the service that the user is enjoying). Based on these concerns, there have been several reports issued by government agencies, including ones by the Federal Trade Commission and the Department of Commerce (summarized on our firm’s Broadband Law Advisor Blog here and here), suggesting more disclosure about information collection and that people be able to opt out of the collection of personally identifiable information. Various legislative efforts to address these issues have arisen, including a Bill recently introduced in the House of Representatives by Congressman Bobby Rush, which would place limits and more open disclosure requirements on the collection and use of personally identifiable information used for behavioral advertising and other purposes. Much discussion has already centered on these questions and no doubt more will be forthcoming if Congress can distract itself from budget issues in the coming months.

At the same time, private attorneys and private parties have entered the fray, as there are already various data security and privacy statutes on the books under both Federal and state laws, filing lawsuits in various jurisdictions challenging companies, including many media companies, of misusing personally identifiable information that they have collected. Often, these suits are based on claims that the information was used in a manner not clearly disclosed in a company’s privacy policy. Thus, media companies who collect information need to be very sure that any information that is collected is used in a manner totally consistent with their policies and with any laws limiting the use of private information.

The FTC has also been involved in policing some of these very issues, and we’ll soon write about some of the recent consent decrees entered into between media companies and the FTC. As digital media becomes a more and more important portion of the revenues of every media company, and as the ability to gather personal information about individuals who use a site increases, the potential for conflicts between commercial practices and the privacy laws and policies will no doubt increase. So watch this space, and our firm’s Privacy and Security Blog, for more information about these topics, and be prepared.