Close
Report Comment to a Moderator Our Moderators review all comments for abusive and offensive language, and ensure comments are from Verified Users only.
Please report a comment only if you feel it requires our urgent attention.
I understand, report it. Cancel

Broken Thumbs pays $50,000 for violating child privacy laws

Tue 16 Aug 2011 7:40am GMT / 3:40am EDT / 12:40am PDT
MobileLegal

iOS developer settles for collecting personal details of children under age of 13

App developer Broken Thumbs has settled with the Federal Trade Commission in the US for breaking child privacy laws.

The developer of Emily's Girl World and related titles will now pay $50,000 for collecting "tens of thousands" of email addresses from children under the age of 13 without notifying their parents.

"The FTC’s COPPA Rule requires parental notice and consent before collecting children’s personal information online, whether through a website or a mobile app," said Chairman Jon Leibowitz. "Companies must give parents the opportunity to make smart choices when it comes to their children's sharing of information on smartphones."

The FTC also alleges that Broken Thumbs also allowed children to share personal information on message boards, again breaking the COPPA (Children's Online Privacy Protection Act ) rule. Broken Thumbs will not be allowed to violate the rule again and all personal information is to be deleted.

Earlier this year Disney's Playdom social business settled with the FTC for a similar violation for $3 million.

9 Comments

Mark Gilbert Games Designer, Abstraction Games

14 0 0.0
Considering the amount of companies that have had people's personal data compromised I think this is nowhere near as steep a fine as it should have been. $50,000 is a small price to pay compared to if they had lost this data and had to publicly announce they had just lost tens of thousands of underage people's contact details.

Edited 1 times. Last edit by Mark Gilbert on 16th August 2011 1:47pm

Posted:3 years ago

#1

Doug McFarlane Co-Owner, KodeSource

39 36 0.9
I understand the 'spirit' of this law, but how does an app developer know a child is under 13 years of age?

Is the developer safe if the app simply asks 'Are you 13 years or older?'. If the child is under 13, the developer did his best, so he is in the clear. What if the child chooses 'No'? Is the child then supposed to go get his/her parent's permission, then the parent clicks a confirmation 'I'm the parent and I consent!'?

The point I'm making is that how many children can figure a way around these strict security measures and lie about being over 13? Does that make the developer any less liable? If it does then this law has a serious problem. If it doesn't, well, it has another serious problem.

And this would apply to anybody developing any software for any platform that asks for personal information.

Posted:3 years ago

#2

Greg Wilcox Creator, Destroy All Fanboys!

2,193 1,170 0.5
@Mark - and I'd bet ten times that fine that BT and Disney are not the ONLY one who've done this crap.

I wonder if anyone is checking to see that that info is ACTUALLY being deleted and not sold under the table, as it's a gold mine for marketers and other folks who want to trap in constant consumers at an early age and get them to get their parents to shell out bucks for all sorts of products and services. I'd not even let a company that did this stay in business, as those fine are a tiny percentage of what they rake in...

Posted:3 years ago

#3

James Verity

132 25 0.2
Ive started sending out a bill whenever I receive an email I didnt ask for at £100 a pop... I do give them seven days to comply to remove my details, before they are billed...

Posted:3 years ago

#4

Chris Aikman Freelancer

7 0 0.0
@Jame V - I almost feel stupid for asking but are you kidding?

On topic. Since I've never had to click that I'm under 13 what actually happens if you click on it? Does it say to ask a parent or guardian to register on your behalf or something?

Posted:3 years ago

#5

James Verity

132 25 0.2
@Chris Aikman no I am not kidding... getting fed up with companies harvesting details without permission...

btw: $50,000 fine isnt enough, they should have bankrupted the company... same goes for those companies that dont securely encrypt customers personal details...

Edited 1 times. Last edit by James Verity on 16th August 2011 6:13pm

Posted:3 years ago

#6

Seth Bembeneck Game Master

3 1 0.3
@Doug, my understanding - which I'll admit is limited, but what I do on websites I run that could fall under this law is that as long as I attempt to weed out the under 13 crowed, and immediately act upon it once I find an under aged account, one should be ok. I don't know if fan/guild/squad websites geared around games fall under COPPA protection, but I choose to believe so just to be on the safe side.

You can't stop players from lying about their age, unless you get into requiring one on one phone calls to talk to a parent or rely on credit cards for verificatio


Were I running a game company (or at least responsible for helping form policy) I would at least add an age-gate. Then develop a policy where if it becomes known that a minor 13 and under lied to get around the age gate, the account would immediately be banned, if not out right deleted, with an email being sent to the registered email address. This would also be explained in the game's EULA/TOS/Privacy statement.

You can't stop players from lying about their age, unless you get into requiring one on one phone calls to talk to a parent or rely on credit cards for verification. But it seems to me that doing the above at least shows intent to not collect info from minors

Obviously, one should consult a lawyer who deals in this area to be completely sure one is satisfying COPPA law

Posted:3 years ago

#7

Doug McFarlane Co-Owner, KodeSource

39 36 0.9
@Seth, thanks, that's some great advice, especially the 'consult a lawyer' part!

It sounds like as long as you do your part to attempt to prevent under age accounts you should be fine. Even though some may lie about their age, that's out of your control.

Posted:3 years ago

#8
The article fails to mention that the App is intended for young girls under age 13 (which triggers COPPA) and that the developer told users to send "shout outs" to their friends via email which was in turn posted to the company's blog. Agree with the reasoning for the law or not, this is a clear violation of the actual language of the statute regarding collection of PII from children and disclosing personal information on a public site without parental consent. The FTC actually has a fairly good FAQ re: application of COPPA to internet service providers and the safe harbors to avoid liability.

Big takeaway - COPPA applies to mobile phones and devs can't rely on Apple to tell them when they crossed the line.

Posted:3 years ago

#9

Login or register to post

Take part in the GamesIndustry community

Register now