The Center for Digital Democracy is filing complaints at the Federal Trade Commission alleging that Disney's MarvelKids.com Web site and a Hello Kitty mobile app are collecting and sharing kids online information in violation of the revised Children's Online Privacy Protection Act (COPPA).
They are the first complaints under the revised rules filed by CDD, which has been a leading voice for stronger protections for children's online information.
COPPA was revised almost a year ago to tighten regs on what and how online info can be collected from kids, including via mobile apps.
In the complaints, copies of which were obtained by Multichannel News, CDD says MarvelKids.com is a child-directed Web site [it points out "kids" is in the name] collecting personal info from kids and sharing it with third-party marketers without adequate notice or verifiable parental consent, in violation of COPPA.
According to CDD attorneys, the complaint followed an investigation of cookies being placed on computers by the site.
In the complaint against Sanrio and its Hello Kitty Carnival mobile phone app, CDD says it is a child-directed app that Sanrio and third-party advertisers use to collect personal information from kids including unique mobile device identifiers, photos and geolocation without COPPA-compliant notice or verifiable parental consent, in violation of the revised Children’s Online Privacy Protection Act (COPPA).
CDD attorneys say collecting that geolocation info would likely be a violation of COPPA even before last year's changes. They want the FTC to investigate and take whatever enforcement action is necessary.
“These two complaints reveal a pattern of disturbing practices that threaten children's privacy and undermine the ability of parents to control how information is collected and used,” said CDD executive director Jeff Chester of the complaints. “The new COPPA rules approved one year ago were designed to protect children from contemporary data collection practices that track consumers 24/7—on mobile phones and ‘apps,’ on social media, and when playing online games. But what we discovered is that the same powerful and pervasive data-gathering digital complex is at work on leading kids sites.”
Disney's Interactive division had not responded to a request for comment at press time, but the site does bear the self-regulatory BBB/CARU Kids Privacy Safe Harbor logo, meaning it is a participant in the Better Business Bureau's kids privacy safe harbor program. According to the site, that means that Marvel's information practices "have been reviewed and meet the standards of the Children's Advertising Review Unit's Kid's Privacy Safe Harbor Program."
A Sanrio spokesperson did not have a response at press time.