Broken Thumbs pays $50,000 for violating child privacy laws

Considering the amount of companies that have had people's personal data compromised I think this is nowhere near as steep a fine as it should have been. $50,000 is a small price to pay compared to if they had lost this data and had to publicly announce they had just lost tens of thousands of underage people's contact details.

Edited 1 times. Last edit by Mark Gilbert on 16th August 2011 1:47pm

Posted:A year ago

I understand the 'spirit' of this law, but how does an app developer know a child is under 13 years of age?

Is the developer safe if the app simply asks 'Are you 13 years or older?'. If the child is under 13, the developer did his best, so he is in the clear. What if the child chooses 'No'? Is the child then supposed to go get his/her parent's permission, then the parent clicks a confirmation 'I'm the parent and I consent!'?

The point I'm making is that how many children can figure a way around these strict security measures and lie about being over 13? Does that make the developer any less liable? If it does then this law has a serious problem. If it doesn't, well, it has another serious problem.

And this would apply to anybody developing any software for any platform that asks for personal information.

Posted:A year ago

@Mark - and I'd bet ten times that fine that BT and Disney are not the ONLY one who've done this crap.

I wonder if anyone is checking to see that that info is ACTUALLY being deleted and not sold under the table, as it's a gold mine for marketers and other folks who want to trap in constant consumers at an early age and get them to get their parents to shell out bucks for all sorts of products and services. I'd not even let a company that did this stay in business, as those fine are a tiny percentage of what they rake in...

Posted:A year ago

Ive started sending out a bill whenever I receive an email I didnt ask for at £100 a pop... I do give them seven days to comply to remove my details, before they are billed...

Posted:A year ago

@Jame V - I almost feel stupid for asking but are you kidding?

On topic. Since I've never had to click that I'm under 13 what actually happens if you click on it? Does it say to ask a parent or guardian to register on your behalf or something?

Posted:A year ago

@Chris Aikman no I am not kidding... getting fed up with companies harvesting details without permission...

btw: $50,000 fine isnt enough, they should have bankrupted the company... same goes for those companies that dont securely encrypt customers personal details...

Edited 1 times. Last edit by James Verity on 16th August 2011 6:13pm

Posted:A year ago

@Doug, my understanding - which I'll admit is limited, but what I do on websites I run that could fall under this law is that as long as I attempt to weed out the under 13 crowed, and immediately act upon it once I find an under aged account, one should be ok. I don't know if fan/guild/squad websites geared around games fall under COPPA protection, but I choose to believe so just to be on the safe side.

You can't stop players from lying about their age, unless you get into requiring one on one phone calls to talk to a parent or rely on credit cards for verificatio


Were I running a game company (or at least responsible for helping form policy) I would at least add an age-gate. Then develop a policy where if it becomes known that a minor 13 and under lied to get around the age gate, the account would immediately be banned, if not out right deleted, with an email being sent to the registered email address. This would also be explained in the game's EULA/TOS/Privacy statement.

You can't stop players from lying about their age, unless you get into requiring one on one phone calls to talk to a parent or rely on credit cards for verification. But it seems to me that doing the above at least shows intent to not collect info from minors

Obviously, one should consult a lawyer who deals in this area to be completely sure one is satisfying COPPA law

Posted:A year ago

@Seth, thanks, that's some great advice, especially the 'consult a lawyer' part!

It sounds like as long as you do your part to attempt to prevent under age accounts you should be fine. Even though some may lie about their age, that's out of your control.

Posted:A year ago

The article fails to mention that the App is intended for young girls under age 13 (which triggers COPPA) and that the developer told users to send "shout outs" to their friends via email which was in turn posted to the company's blog. Agree with the reasoning for the law or not, this is a clear violation of the actual language of the statute regarding collection of PII from children and disclosing personal information on a public site without parental consent. The FTC actually has a fairly good FAQ re: application of COPPA to internet service providers and the safe harbors to avoid liability.

Big takeaway - COPPA applies to mobile phones and devs can't rely on Apple to tell them when they crossed the line.

Posted:A year ago