5/12/2011
04:42 PM
Dark Reading

20 Online Virtual Worlds Agree To Pay $3 Million To Settle FTC Complaint

COPPA Rule requires that website operators notify parents and obtain their consent before they collect, use, or disclose children’s personal information

The operators of 20 online virtual worlds have agreed to pay $3 million to settle Federal Trade Commission charges that they violated the Children’s Online Privacy Protection Rule by illegally collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents’ prior consent. This settlement is the largest civil penalty for a violation of the FTC’s COPPA Rule.

The FTC’s complaint charged that Playdom, Inc., a leading developer of online multi-player games, and company executive Howard Marks operated 20 virtual world websites where users could access online games and other activities, including 2 Moons, 9 Dragons, and My Diva Doll. At least one of these virtual worlds, Pony Stars, was a website specifically directed to children, and the company’s other websites intended for a general audience also attracted a significant number of children. Between 2006 and 2010, approximately 403,000 children registered on the defendants’ general audience sites, and 821,000 more users registered in the Pony Stars children’s site.

The FTC’s COPPA Rule requires that website operators notify parents and obtain their consent before they collect, use, or disclose children’s personal information. The Rule also requires that website operators post a privacy policy that is clear, understandable, and complete. The FTC alleged that Playdom and Marks failed to meet these requirements.

“Let’s be clear: Whether you are a virtual world, a social network, or any other interactive site that appeals to kids, you owe it to parents and their children to provide proper notice and get proper consent,” said Jon Leibowitz, Chairman of the Federal Trade Commission. “It’s the law, it’s the right thing to do, and, as today’s settlement demonstrates, violating COPPA will not come cheap.”

According to the FTC, Playdom took ownership of the websites when it acquired the sites’ original developer, Acclaim Games, Inc., in May 2010. Marks was Acclaim’s CEO, and later served as the head of the Acclaim Studio at Playdom. Playdom and Marks continued to operate the websites in violation of the COPPA Rule after the merger, according to the Commission’s complaint. In August 2010, Playdom became a subsidiary of Disney Enterprises, Inc., a subsidiary of The Walt Disney Company.

The FTC complaint alleges that the defendants collected children’s ages and email addresses during registration and then enabled children to publicly post their full names, email addresses, instant messenger IDs, and location, among other information, on personal profile pages and in online community forums. The FTC charged that the defendants’ failure to provide proper notice or obtain parents’ prior verifiable consent before collecting or disclosing children’s personal information violated the COPPA Rule. It further charged that the defendants violated the FTC Act because Playdom’s privacy policy misrepresented that the company would prohibit children under 13 from posting personal information online.

In addition to the $3 million civil penalty, the settlement order permanently bars the defendants from violating the COPPA Rule and from misrepresenting their information practices regarding children.

The Commission vote to authorize the staff to refer the complaint to the Department of Justice, and to approve the proposed consent decree, was 5-0. The DOJ filed the complaint and proposed consent decree on behalf of the Commission in U.S. District Court for the Central District of California, in Los Angeles on May 11, 2011. The proposed consent decree is subject to court approval.

NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law. This consent decree is for settlement purposes only and does not constitute an admission by the defendants of a law violation. Consent decrees have the force of law when signed by the District Court judge.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. “Like” the FTC on Facebook and “follow” us on Twitter.
