Privacy and Security Law Blog

FTC Enters into Consent Decree with Skid-e-Kids for COPPA Violations

By David M. Silverman

The operator of the Skid-e-Kids website, a self-described “Facebook and MySpace for kids,” has learned that it is not enough merely to have a privacy policy that requires parental consent prior to obtaining personal information online from children under the age of 13. Such website operators must actually abide by that policy as well. The Federal Trade Commission (FTC) reinforced that lesson via an enforcement action and settlement with the company this week.

Skid-e-Kids (skidekids.com) advertises itself as “Safe, Fun and very educational.” Their target group is children ages 7-14. The Children’s Online Privacy Protection Act of 1998 (COPPA) and corresponding rule enforced by the FTC require parental consent before children under the age of 13 can be requested or required to provide personal information online.

Skid-e-Kids had a Privacy Policy that “requires child users to provide a parent’s valid email address in order to register on the website.” In practice, however, that was not the case. Children were required to provide a birth date, gender, user name, password and email address prior to using the website. Once that information was provided, the child was automatically registered on the website. Worse still, Skid-e-Kids did not even request a parent’s email address and made no attempt to notify parents or obtain parental consent.

The FTC discovered that Skid-e-Kids had collected and maintained personal information from approximately 5,600 children, apparently all without obtaining parental consent. As a result, the FTC filed a complaint against the website operator in the Northern District of Georgia, alleging violations of both COPPA, for failing to obtain parental consent for children under age 13, and of the FTC Act, for the site’s false and misleading representation that it did so.

This week, Jones O. Godwin, operator of the Skid-e-Kids website, entered into a Consent Decree, agreeing to comply with COPPA and to delete personal information obtained from children without parental consent. Godwin was also required to pay a civil penalty of $100,000, all but $1,000 of which was suspended pending compliance with COPPA and the Consent Decree for the next ten years. The Consent Decree also requires Godwin to retain an independent third party to assess the site’s compliance with COPPA for the next five years.

This case acts as a reminder that a COPPA-compliant policy is not enough. Website operators who target children under age 13 must actually obtain the necessary parental consent before proceeding to collect children’s personal information.

Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.privsecblog.com/admin/trackback/263739
Comments (0) Read through and enter the discussion with the form at the end
Davis Wright Tremaine LLP
Anchorage
188 West Northern Lights Blvd.
Suite 1100
Anchorage, AK 99503-3985
Phone:
(907) 257-5300
San Francisco
505 Montgomery Street
Suite 800
San Francisco, CA 94111-6533
Phone:
(415) 276-6500
Bellevue
777 108th Avenue NE
Suite 2300
Bellevue, WA 98004-5149
Phone:
(425) 646-6100
Seattle
1201 Third Avenue
Suite 2200
Seattle, WA 98101-3045
Phone:
(206) 622-3150
Los Angeles
865 South Figueroa Street
Suite 2400
Los Angeles, CA 90017-2566
Phone:
(213) 633-6800
Washington, D.C.
1919 Pennsylvania Avenue, NW
Suite 800
Washington, D.C. 20006-3401
Phone:
(202) 973-4200
New York
1633 Broadway
27th Floor
New York, NY 10019-6708
Phone:
(212) 489-8230
Shanghai
Suite 701-704
Two International Finance Centre
8 Century Avenue, Pudong District
Shanghai 200120 P.R. China
(011) 86-21-6279-8560
Portland
1300 SW Fifth Avenue
Suite 2300
Portland, OR 97201-5630
Phone:
(503) 241-2300
Attorney Advertising.

Prior results do not guarantee a similar outcome.