The FTC alleged that social media website RockYou knowingly collected approximately 179,000 children's email addresses and associated passwords during registration - without their parents' consent - and enabled children to create personal profiles and post personal information on slide shows that could be shared online. The FTC also alleged that Company's security failures put users' including children's personal information at risk.
Specifically, the FTC charged that RockYou violated the COPPA Rule by:
- not spelling out its collection, use and disclosure policy for children's information;
- not obtaining verifiable parental consent before collecting children's personal information; and
- not maintaining reasonable procedures, such as encryption to protect the confidentiality, security, and integrity of personal information collected from children.
RockYou agreed to to settle the FTC's charges. The proposed settlement order would bar deceptive claims regarding privacy and data security and require RockYou to implement a data security program. The company would be required to submit to security audits by independent third-party auditors every other year for 20 years. It would also require RockYou to delete information collected from children under age 13 and bar violations of COPPA. RockYou will also be required to pay a $250,000 civil penalty.
Take Away: Social media websites that collect date of birth must be careful that it is not knowingly collecting personally identifiable information from children under 13. Furthermore, website operators must be increasingly vigilant in making sure that their data security representations are accurate.
PartnerMarketers, advertisers, agencies and suppliers, among others, regularly seek Andy’s counsel regarding legal aspects of their advertising and promotional marketing businesses. He’s pragmatic and always looks for ...