Disney’s Playdom Charged with Violating Children’s Online Privacy, Enters $3 Million FTC Settlement
On May 12, 2011, the FTC announced that it reached a $3 million settlement with online “virtual worlds” website provider Playdom, Inc., a Disney subsidiary, for allegedly violating its own privacy policies and collecting and disclosing personal information on hundreds of thousands of children without parental consent – potential violations of the Children’s Online Privacy Protection Act (COPPA).
Playdom owns and operates a number of online “virtual world” websites, including sites geared for children such as Pony Stars, where users can play online games, post profile pages and engage in other online activities. In the process, between 2006 and 2010, Playdom’s websites collected personal information on over 400,000 children under the age of 13. In July 2010, Playdom was acquired by a subsidiary of The Walt Disney Company.
COPPA requires website operators to maintain clear privacy policies and obtain parental consent prior to the collection, use or disclosure of personal information – such as name, address, email, and telephone number – for children under the age of 13. Playdom allegedly violated COPPA by collecting children’s ages and email addresses during online registration and enabling children-users to post personal information – their names, email addresses, instant messenger names and location information – on profile pages without first obtaining parental consent. Further, Playdom allegedly violated the FTC Act by misrepresenting on their privacy policies that children could not post profile pages, when in fact they could.
On May 11, 2011, the Department of Justice (on behalf of the FTC) formally filed a Complaint and entered the proposed $3 million Consent Decree and Order in the U.S. District Court for the Central District of California in Los Angeles. The $3 million Consent Decree marks the largest civil penalty doled out by the FTC under COPPA. This case and the growing list of cases involving online consumer privacy rights highlight the due diligence required when website operators and other companies collect, use and disclose consumer information (or acquire a company that does).
Christopher S. Koves contributed to this post.