Feeds

Snack companies fined $185,000 for violating kids' online privacy

Hershey Foods and Mrs Fields Cookies taken to task by FTC

  • alert
  • submit to reddit

Build a business case: developing custom apps

American snack companies Hershey Foods and Mrs Fields Cookies have been fined $85,000 and $100,000 respectively for violating children's privacy on their websites.

The hefty fines were issued by the Federal Trade Commission after it decided both companies had broken the Children's Online Privacy Protection Act (COPPA) by collecting personal information from children without first obtaining parental consent.

The penalties are the largest since the Act became law in April 2000 and show that the US government is serious about protecting kids' privacy on the Internet. Director of the FTC's Bureau of Consumer Protection, Howard Beales warned: "If your website collects personal information from children, comply with the law or face the consequences."

The law itself is tough and applies to operators of commercial websites and online services that are either aimed at children under 13 or knowingly collect personal information from children under 13. That information includes not only includes things like full name, home address, email address and telephone number but also hobbies, interests and any information collected through cookies or other tracking mechanisms if this information is in any way tied to an individual.

Mrs. Fields' sites mrsfields.com, pretzeltime.com, and pretzelmaker.com provided birthday greetings and free cookie coupons to kids and recorded the full name, address, email address and birth date from over 84,000 children as part of the service. However, while it did not disclose the information to any third parties, it didn't obtain parental consent before picking up the information.

Hershey - famous for its Hershey bar - has over 30 websites, many of which are aimed at kids. It did have an online consent form which it asked kids to get their parents to fill in. However, the FTC alleges, the company collected personal data from the child whether or not the form was actually filled in. By fining it, the FTC extended COPPA for the first time into the method that a company uses for consent.

The sites were also done for not posting adequate privacy policies about what information was collected and how it would be used, as well as not providing "reasonable means" for parents to review the information collected from their kids, delete it if they wish and refuse any future use of it.

Both companies have been ordered to delete the information they collected, promise no future violations and, significantly, keep records that will allow the FTC to monitor their sites' compliance.

Kids protection groups are, naturally, delighted. Ms Parry Aftab, a lawyer and executive director of WiredSafety.org and its kids version, WiredKids.org, put out a press release stating: "COPPA is a powerful tool in the online safety and privacy arsenal. There is no excuse for large corporations not to comply with COPPA. In the three years since its effective date, parents have learned to rely on this law to help them oversee how and with whom their children's personal information is shared, as well as how it will be used and protected. Our children's privacy is key to their safety."

It is safe to assume that most people will be in favour of protecting kids' privacy online, especially since many children will unwittingly give away identifiable information, and the FTC has certainly given this a huge boost by choosing to make an example of two companies with household names. Good news all round. ®

Related Links
The FTC decision
How to comply with COPPA (dull version)
How to comply with COPPA (kool version)

Next gen security for virtualised datacentres

More from The Register

next story
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Microsoft exits climate denier lobby group
ALEC will have to do without Redmond, it seems
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.