Privacy & Cybersecurity Law Blog

On May 12, 2011, the Federal Trade Commission announced that Playdom, Inc., a Disney subsidiary, has agreed to pay $3 million to settle charges that the company violated Section 5 of the FTC Act and the Children’s Online Privacy Protection Rule (“COPPA Rule”) “by illegally collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents’ prior consent.”  This settlement marks the largest civil penalty imposed for an FTC COPPA Rule violation.

According to the FTC complaint (main document, exhibits) filed on May 11, 2011, Playdom, Inc., a developer of online multiplayer games, and the company’s Chief Executive Officer, Howard Marks, operated approximately 20 online virtual world websites that enabled users to access online games and other activities.  The FTC alleged that in over 1.2 million instances, defendants collected, used or disclosed the personal information of children in violation of the COPPA Rule.  Specifically, the complaint asserted that the defendants (1) collected children’s personal information and enabled children to publicly disclose their personal information through personal profile pages and community forums, which contradicted statements made by the defendants in their privacy policy, (2) used a privacy notice that “did not clearly, completely, or accurately” disclose all of the defendants’ information collection, use and disclosure practices for children, (3) failed to provide parents with a direct notice of their information practices prior to the collection, use and disclosure of children’s personal information, and (4) did not obtain verifiable consent from parents prior to such information processing, as required by the COPPA Rule.

In addition to the $3 million civil penalty, the consent decree and order entered into by the defendants permanently prohibits them from violating the COPPA Rule and misrepresenting their information practices with respect to children.