Children under the age of 13 possess insight that can blow the minds of their elders, but not the wherewithal to make important life choices for themselves. This is exactly why there are strict rules against marketing cigarettes to them. In 2000, a law went into effect called the Children's Online Privacy Protection Act that institutes similar consumer protections for our youth's online identities, prohibiting companies from soliciting personal information from children under 13 years of age without a parent's consent. This is the reason why so many websites require users to verify their age before they sign up for email lists and such.
The Federal Trade Commission (FTC) has occasionally enforced these rules since then, drawing fiscal blood from UMG Recordings in music and Bonzi Software in PC software. On Monday, W3 Innovations, the parent company of mobile children's game developer Broken Thumb Apps, became the first iOS app developer to face scrutiny under COPPA.
The complaint against them alleges that they knowingly used their "Emily" series of games (including Emily's Dress Up & Shop) to solicit the email addresses, ages, names and other vital information from thousands of children. Found inside the Kids category in the iOS App Store's Games section, these titles were specifically targeted at children and used somewhat misleading means of getting kids to post their information. For example, it asked them to send letters to Emily in order to collect their emails and encouraged users to post their names and information on the public forum for the game, as well. The Emily series alone has more than 50,000 total downloads; that's a lot of personal information to collect.
The crux of the problem is that, according to the FTC, Broken Thumb made no effort to seek parental consent before soliciting the information of its players, nor made anyone aware of their data collection practices. Both of those actions violate COPPA and are the basis of the complaint. Four days after it was filed in San Jose last week, W3 settled for the $50,000 fine and deleted all of the wrongfully collected information.
COPPA is probably a good thing in the long run, but this punishment seems kind of limp and hard to enforce. $50,000 is a lot to fine a person, but W3 is a fairly large company and should be able to bear that with little strain. More problematic is forcing Broken Thumb to delete all the personal information it has. How does one make sure that a company no longer has a big list of names? They could easily have printed it out and stored it somewhere to be reentered into their computers once this heat blows over.
COPPA has already been on the books for more than a decade and still the FTC seems unsure just how to apply and enforce it. Hopefully this will be enough to dissuade Broken Thumb and other companies from taking advantage of children, but I worry it won't be enough. Having our kids attention is just worth too much money.