Feeds

Snack companies fined $185,000 for violating kids' online privacy

Hershey Foods and Mrs Fields Cookies taken to task by FTC

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

American snack companies Hershey Foods and Mrs Fields Cookies have been fined $85,000 and $100,000 respectively for violating children's privacy on their websites.

The hefty fines were issued by the Federal Trade Commission after it decided both companies had broken the Children's Online Privacy Protection Act (COPPA) by collecting personal information from children without first obtaining parental consent.

The penalties are the largest since the Act became law in April 2000 and show that the US government is serious about protecting kids' privacy on the Internet. Director of the FTC's Bureau of Consumer Protection, Howard Beales warned: "If your website collects personal information from children, comply with the law or face the consequences."

The law itself is tough and applies to operators of commercial websites and online services that are either aimed at children under 13 or knowingly collect personal information from children under 13. That information includes not only includes things like full name, home address, email address and telephone number but also hobbies, interests and any information collected through cookies or other tracking mechanisms if this information is in any way tied to an individual.

Mrs. Fields' sites mrsfields.com, pretzeltime.com, and pretzelmaker.com provided birthday greetings and free cookie coupons to kids and recorded the full name, address, email address and birth date from over 84,000 children as part of the service. However, while it did not disclose the information to any third parties, it didn't obtain parental consent before picking up the information.

Hershey - famous for its Hershey bar - has over 30 websites, many of which are aimed at kids. It did have an online consent form which it asked kids to get their parents to fill in. However, the FTC alleges, the company collected personal data from the child whether or not the form was actually filled in. By fining it, the FTC extended COPPA for the first time into the method that a company uses for consent.

The sites were also done for not posting adequate privacy policies about what information was collected and how it would be used, as well as not providing "reasonable means" for parents to review the information collected from their kids, delete it if they wish and refuse any future use of it.

Both companies have been ordered to delete the information they collected, promise no future violations and, significantly, keep records that will allow the FTC to monitor their sites' compliance.

Kids protection groups are, naturally, delighted. Ms Parry Aftab, a lawyer and executive director of WiredSafety.org and its kids version, WiredKids.org, put out a press release stating: "COPPA is a powerful tool in the online safety and privacy arsenal. There is no excuse for large corporations not to comply with COPPA. In the three years since its effective date, parents have learned to rely on this law to help them oversee how and with whom their children's personal information is shared, as well as how it will be used and protected. Our children's privacy is key to their safety."

It is safe to assume that most people will be in favour of protecting kids' privacy online, especially since many children will unwittingly give away identifiable information, and the FTC has certainly given this a huge boost by choosing to make an example of two companies with household names. Good news all round. ®

Related Links
The FTC decision
How to comply with COPPA (dull version)
How to comply with COPPA (kool version)

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?