Broken Thumbs pays $50,000 for violating child privacy laws

iOS developer settles for collecting personal details of children under age of 13

App developer Broken Thumbs has settled with the Federal Trade Commission in the US for breaking child privacy laws.

The developer of Emily's Girl World and related titles will now pay $50,000 for collecting "tens of thousands" of email addresses from children under the age of 13 without notifying their parents.

"The FTC’s COPPA Rule requires parental notice and consent before collecting children’s personal information online, whether through a website or a mobile app," said Chairman Jon Leibowitz. "Companies must give parents the opportunity to make smart choices when it comes to their children's sharing of information on smartphones."

The FTC also alleges that Broken Thumbs also allowed children to share personal information on message boards, again breaking the COPPA (Children's Online Privacy Protection Act ) rule. Broken Thumbs will not be allowed to violate the rule again and all personal information is to be deleted.

Earlier this year Disney's Playdom social business settled with the FTC for a similar violation for $3 million.

More stories

No, really - do we need E3? | Podcast

Latest episode available to download now, also discusses alternatives to Apple's 30% cut

By GamesIndustry Staff

China updating real name verification for video games in September

UPDATE: All titles will be expected to comply to prevent children from spending too much time gaming

By James Batchelor

Latest comments (9)

Mark Gilbert Games Designer, Abstraction Games8 years ago
Considering the amount of companies that have had people's personal data compromised I think this is nowhere near as steep a fine as it should have been. $50,000 is a small price to pay compared to if they had lost this data and had to publicly announce they had just lost tens of thousands of underage people's contact details.

Edited 1 times. Last edit by Mark Gilbert on 16th August 2011 1:47pm

0Sign inorRegisterto rate and reply
Doug McFarlane Co-Owner, KodeSource8 years ago
I understand the 'spirit' of this law, but how does an app developer know a child is under 13 years of age?

Is the developer safe if the app simply asks 'Are you 13 years or older?'. If the child is under 13, the developer did his best, so he is in the clear. What if the child chooses 'No'? Is the child then supposed to go get his/her parent's permission, then the parent clicks a confirmation 'I'm the parent and I consent!'?

The point I'm making is that how many children can figure a way around these strict security measures and lie about being over 13? Does that make the developer any less liable? If it does then this law has a serious problem. If it doesn't, well, it has another serious problem.

And this would apply to anybody developing any software for any platform that asks for personal information.
0Sign inorRegisterto rate and reply
Greg Wilcox Creator, Destroy All Fanboys! 8 years ago
@Mark - and I'd bet ten times that fine that BT and Disney are not the ONLY one who've done this crap.

I wonder if anyone is checking to see that that info is ACTUALLY being deleted and not sold under the table, as it's a gold mine for marketers and other folks who want to trap in constant consumers at an early age and get them to get their parents to shell out bucks for all sorts of products and services. I'd not even let a company that did this stay in business, as those fine are a tiny percentage of what they rake in...
0Sign inorRegisterto rate and reply
Show all comments (9)
James Verity8 years ago
Ive started sending out a bill whenever I receive an email I didnt ask for at 100 a pop... I do give them seven days to comply to remove my details, before they are billed...
0Sign inorRegisterto rate and reply
Chris Aikman Freelancer 8 years ago
@Jame V - I almost feel stupid for asking but are you kidding?

On topic. Since I've never had to click that I'm under 13 what actually happens if you click on it? Does it say to ask a parent or guardian to register on your behalf or something?
0Sign inorRegisterto rate and reply
James Verity8 years ago
@Chris Aikman no I am not kidding... getting fed up with companies harvesting details without permission...

btw: $50,000 fine isnt enough, they should have bankrupted the company... same goes for those companies that dont securely encrypt customers personal details...

Edited 1 times. Last edit by James Verity on 16th August 2011 6:13pm

0Sign inorRegisterto rate and reply
Seth Bembeneck Game Master 8 years ago
@Doug, my understanding - which I'll admit is limited, but what I do on websites I run that could fall under this law is that as long as I attempt to weed out the under 13 crowed, and immediately act upon it once I find an under aged account, one should be ok. I don't know if fan/guild/squad websites geared around games fall under COPPA protection, but I choose to believe so just to be on the safe side.

You can't stop players from lying about their age, unless you get into requiring one on one phone calls to talk to a parent or rely on credit cards for verificatio

Were I running a game company (or at least responsible for helping form policy) I would at least add an age-gate. Then develop a policy where if it becomes known that a minor 13 and under lied to get around the age gate, the account would immediately be banned, if not out right deleted, with an email being sent to the registered email address. This would also be explained in the game's EULA/TOS/Privacy statement.

You can't stop players from lying about their age, unless you get into requiring one on one phone calls to talk to a parent or rely on credit cards for verification. But it seems to me that doing the above at least shows intent to not collect info from minors

Obviously, one should consult a lawyer who deals in this area to be completely sure one is satisfying COPPA law
0Sign inorRegisterto rate and reply
Doug McFarlane Co-Owner, KodeSource8 years ago
@Seth, thanks, that's some great advice, especially the 'consult a lawyer' part!

It sounds like as long as you do your part to attempt to prevent under age accounts you should be fine. Even though some may lie about their age, that's out of your control.
0Sign inorRegisterto rate and reply
The article fails to mention that the App is intended for young girls under age 13 (which triggers COPPA) and that the developer told users to send "shout outs" to their friends via email which was in turn posted to the company's blog. Agree with the reasoning for the law or not, this is a clear violation of the actual language of the statute regarding collection of PII from children and disclosing personal information on a public site without parental consent. The FTC actually has a fairly good FAQ re: application of COPPA to internet service providers and the safe harbors to avoid liability.

Big takeaway - COPPA applies to mobile phones and devs can't rely on Apple to tell them when they crossed the line.
0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.