The Federal Trade Commission (FTC) collected it largest fine to date for a privacy violation of the Children’s Online Privacy Protection Act (COPPA) Wednesday when UMG Recordings agreed to pay $400,000 to settle civil charges brought by the watchdog agency.
In a separate civil settlement, Bonzi Software, distributor of the BonziBuddy software, agreed to pay $75,000 in the first COPPA case to challenge the information collection practices of an online service in connection with a software product. Previous COPPA cases have addressed only Web site operators’ information collection practices.
The FTC alleged the two firms knowingly collecting personal information from children online without first obtaining parental consent. In addition to the fines, the settlements prohibit future COPPA violations, require that the companies delete any information collected in violation of COPPA, and contain certain record-keeping requirements to allow the FTC to monitor the companies’ future compliance.
The COPPA rule applies to operators of commercial Web sites and online services directed to children, general audience Web sites and online services that have actual knowledge that they are collecting personal information from children under the age of 13.
Among other things, the rule requires that these Web site operators post privacy policies, provide parental notice, and obtain verifiable consent from a parent or guardian before collecting personal information from children.
UMG Recordings operates hundreds of general audience Web sites that advertise and promote its numerous music labels and recording artists, many of whom are popular with children. UMG sites offer activities such as e-mail newsletters and updates, fan clubs and bulletin boards.
The FTC complaint charges that UMG’s Web site registration forms collected extensive personal information including full name, birth date, e-mail address, home address, phone number, gender and other information such as visitors’ preferences in music, sports and apparel.
According to the FTC, UMG gained actual knowledge that a child was registering on the site whenever a child entered a birth date indicating he was under the age of 13. Yet, the FTC alleges, UMG collected this personal information from children without first notifying parents and obtaining verifiable parental consent.
In some instances, UMG sent notices to parents after collecting their children’s personal information. The complaint alleges that these notices violated the COPPA’s parental consent requirement because they were sent after the collection of personal information and were “deficient in other regards.”
The complaint also claims that, in some instances, UMG used the children’s personal information to e-mail them marketing materials on other musicians and Web sites.
Bonzi markets free, downloadable software that display an interactive, animated purple gorilla on users’ computers. The BonziBuddy online registration form requires users to provide a birth date and several other types of personal information. Like UMG, the FTC claims Bonzi had actual knowledge, as a result of collecting birth date information, that thousands of children were registering for BonziBuddy.
The FTC complaint alleges that Bonzi failed to provide direct notice to parents of what information it sought to collect from children or obtain verifiable parental consent before collecting such information.
It also says that Bonzi software failed to post a clear and complete privacy notice for its online service or to provide a reasonable means for parents to review the personal information collected from their children.