FTC Enters into Consent Decree with Skid-e-Kids for COPPA Violations

By David M. Silverman

The operator of the Skid-e-Kids website, a self-described “Facebook and MySpace for kids,” has learned that it is not enough merely to have a privacy policy that requires parental consent prior to obtaining personal information online from children under the age of 13. Such website operators must actually abide by that policy as well. The Federal Trade Commission (FTC) reinforced that lesson via an enforcement action and settlement with the company this week.

Skid-e-Kids (skidekids.com) advertises itself as “Safe, Fun and very educational.” Their target group is children ages 7-14. The Children’s Online Privacy Protection Act of 1998 (COPPA) and corresponding rule enforced by the FTC require parental consent before children under the age of 13 can be requested or required to provide personal information online.

Skid-e-Kids had a Privacy Policy that “requires child users to provide a parent’s valid email address in order to register on the website.” In practice, however, that was not the case. Children were required to provide a birth date, gender, user name, password and email address prior to using the website. Once that information was provided, the child was automatically registered on the website. Worse still, Skid-e-Kids did not even request a parent’s email address and made no attempt to notify parents or obtain parental consent.

The FTC discovered that Skid-e-Kids had collected and maintained personal information from approximately 5,600 children, apparently all without obtaining parental consent. As a result, the FTC filed a complaint against the website operator in the Northern District of Georgia, alleging violations of both COPPA, for failing to obtain parental consent for children under age 13, and of the FTC Act, for the site’s false and misleading representation that it did so.

This week, Jones O. Godwin, operator of the Skid-e-Kids website, entered into a Consent Decree, agreeing to comply with COPPA and to delete personal information obtained from children without parental consent. Godwin was also required to pay a civil penalty of $100,000, all but $1,000 of which was suspended pending compliance with COPPA and the Consent Decree for the next ten years. The Consent Decree also requires Godwin to retain an independent third party to assess the site’s compliance with COPPA for the next five years.

This case acts as a reminder that a COPPA-compliant policy is not enough. Website operators who target children under age 13 must actually obtain the necessary parental consent before proceeding to collect children’s personal information.

Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.privsecblog.com/admin/trackback/263739
Comments (0) Read through and enter the discussion with the form at the end
Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.