• FTC Collects Largest Fine To Date for Violation of COPPA
  • April 29, 2004
  • Law Firm: Reed Smith LLP - Pittsburgh Office
  • The Children's Online Privacy Protection Act (COPPA), which went into effect on April 21, 2000, regulates the collection of personal information from children on the Internet. COPPA applies to commercial web site operators and online services directed at children under the age of 13 or any web site operator or online service with actual knowledge that they are collecting personal information from children under 13 years old. To comply with COPPA, applicable web site operators must place privacy and parental notices and obtain parental or guardian consent to collect personal information, among other requirements.

    The FTC recently settled two cases brought under COPPA. In United States of America v. UMG Recordings, Inc., an operator of a web site featuring music popular with children was cited for failure to obtain proper parental consent to collect personal information from children. Aside from basic information such as names, birth dates, home and e-mail addresses, phone numbers and gender, the site solicited from children preferences in music, sports and apparel. While UMG did send notices to parents, such notice was not sent until after the personal information was obtained from the children, and thus deemed deficient. By collecting the information before obtaining parental consent, the FTC was able to assert that COPPA applied to UMG not only as a provider of content directed to children under 13, but also as a general web site operator with actual knowledge that it was collecting information from children under 13. UMG agreed to pay $400,000 in fines, marking the largest collection ever by the FTC in a COPPA case.

    In United States of America v. Bonzi Software, Inc., the FTC pursued an online merchant of software products aimed at children that offered free downloadable software featuring an interactive animated character. In order to download the software, the users were required to provide personal information, such as names and addresses. Like the case in UMG, the FTC alleged that Bonzi failed to provide prior parental notice and, as such, actual knowledge was also found. The FTC further alleged that Bonzi software failed to post a clear and complete privacy notice and a reasonable means for parents to review the personal information collected from their children. The FTC and Bonzi settled the matter for $75,000.

    Why This Matters: These settlements are the ninth and tenth under COPPA since it was enacted. The amounts of the fines should serve as a warning to web site operators that the FTC will vigorously pursue non-compliance with COPPA. The "actual knowledge" threshold, as interpreted by the FTC, is low and, as such, all web site operators that believe that they could be soliciting and collecting information from children, regardless of whether the content is child-based, should make efforts to comply with COPPA. The FTC provides a web site to assist compliance at http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.htm.

    The Children's Advertising Review Unit (CARU) of the Council of Better Business Bureaus also offers assistance at http://www.caru.org/program/index.asp.