Web Sites Accused of Collecting Data on Children
A coalition of nearly 20 children’s advocacy, health and public interest groups plans to file complaints with the Federal Trade Commission on Wednesday, asserting that some online marketing to children by McDonald’s and four other well-known companies violates a federal law protecting children’s privacy.
The law, the Children’s Online Privacy Protection Act, requires Web site operators to obtain verifiable consent from parents before collecting personal information about children under age 13. But, in complaints to the F.T.C., the coalition says six popular Web sites aimed at children have violated that law by encouraging children who play brand-related games or engage in other activities to provide friends’ e-mail addresses — without seeking prior parental consent.
At least one company, however, said the accusation mischaracterized its practices, adding that the law allows an exception for one-time use of a friend’s e-mail address. As of late Tuesday, the companies said they had not received copies of the complaints. Obtaining information about adults’ social networks to e-mail marketing messages to their friends is a common industry practice called “tell a friend” or “refer a friend.” But now an increasing number of children’s sites are using the technique by inviting children to make customized videos promoting certain products, for example, and then sending them to friends.
The sites cited by the advocacy groups include McDonald’sHappyMeal.com; Nick.com, the Nickelodeon site owned by Viacom; General Mills’ ReesesPuffs.com; SubwayKids.com; another General Mills site, TrixWorld.com; and Turner’s CartoonNetwork.com.
“It really shows that companies are doing an end run around a law put in place to protect children’s privacy,” said Laura Moy, a lawyer for the Center for Digital Democracy, a nonprofit group in Washington that led the complaints. “Under the law, they can’t just collect e-mail addresses from kids and send them marketing material directly. So they are embedding messages saying, ‘Play this game and share it with your friends,’ in order to target the friends.”
Other members of the coalition include Public Citizen, the Consumer Federation of America, the American Academy of Child and Adolescent Psychiatry and the Rudd Center for Food Policy and Obesity at Yale.
In their letter to the F.T.C., the groups also ask the agency to investigate additional marketing practices that they claim are unfair or deceptive. These include sites that use computer code to track children’s activities online or sites that ask them to upload their photographs.
In an e-mail, Tom Forsythe, a spokesman for General Mills, said the company followed approved practices. It does not collect the original child’s e-mail address and sends only one e-mail to that child’s friend, he said.
In an e-mail, James Anderson, a spokesman for Turner, said the Cartoon Network took compliance with the children’s online privacy law seriously and would review any accusations closely. A spokesman for Subway said the company takes online privacy seriously and complies with the law.
The concerns about certain Web sites aimed at children come as the F.T.C. tries to update children’s privacy rules to ensure that the protections keep pace with the latest technology. The agency recently proposed updates to clarify that the rule extended to mobile devices.
It would also expand protections beyond children’s names and addresses to encompass persistent identifiers like tracking codes that could be used to collect information about individual children as they visited sites without needing to know their names. And it would add photos of children to protected information.