Privacy & Information Security Law Blog

On August 15, 2011, the Federal Trade Commission announced a settlement with W3 Innovations, LLC, doing business as Broken Thumbs Apps (“W3”) for violations of the Children’s Online Privacy Protection Act (“COPPA”) and the FTC’s COPPA Rule.  This marks the FTC’s first privacy settlement involving mobile applications.

The FTC alleged in its complaint (main document, exhibits) that W3, which has developed over forty mobile applications for the Apple iPhone and iPod Touch, collected more than 30,000 email addresses from users of its “Emily’s Girl World” and “Emily’s Dress Up” applications that are targeted at children under the age of 13.  Further, the complaint alleges that W3 “collected, maintained, and/or disclosed personal information from over 300 Emily’s Girl World app users and approximately 290 Emily’s Dress Up app users” that the users had submitted on blogs related to the applications.  W3’s activities violated the COPPA Rule by failing to provide notice to parents of the personal information collected online from children, and how W3 uses that information, and neglecting to “obtain verifiable parental consent before any collection of personal information from children.”

In addition to imposing a $50,000 civil penalty, the Consent Decree and Order enjoins W3 from any future violations of the COPPA Rule and compels the company to delete all personal information collected in violation of the COPPA Rule through the date of the Consent Decree and Order.

In announcing the settlement, FTC Chairman Jon Leibowitz stated that “The FTC’s COPPA Rule requires parental notice and consent before collecting children’s personal information online, whether through a website or a mobile app.  Companies must give parents the opportunity to make smart choices when it comes to their children’s sharing of information on smart phones.”  Recent studies indicate that, although consumers cite privacy as a key concern when using mobile apps, most mobile applications lack privacy policies.  With this enforcement action, the FTC has indicated an interest in focusing on mobile application privacy issues.