Feeds

Snack companies fined $185,000 for violating kids' online privacy

Hershey Foods and Mrs Fields Cookies taken to task by FTC

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

American snack companies Hershey Foods and Mrs Fields Cookies have been fined $85,000 and $100,000 respectively for violating children's privacy on their websites.

The hefty fines were issued by the Federal Trade Commission after it decided both companies had broken the Children's Online Privacy Protection Act (COPPA) by collecting personal information from children without first obtaining parental consent.

The penalties are the largest since the Act became law in April 2000 and show that the US government is serious about protecting kids' privacy on the Internet. Director of the FTC's Bureau of Consumer Protection, Howard Beales warned: "If your website collects personal information from children, comply with the law or face the consequences."

The law itself is tough and applies to operators of commercial websites and online services that are either aimed at children under 13 or knowingly collect personal information from children under 13. That information includes not only includes things like full name, home address, email address and telephone number but also hobbies, interests and any information collected through cookies or other tracking mechanisms if this information is in any way tied to an individual.

Mrs. Fields' sites mrsfields.com, pretzeltime.com, and pretzelmaker.com provided birthday greetings and free cookie coupons to kids and recorded the full name, address, email address and birth date from over 84,000 children as part of the service. However, while it did not disclose the information to any third parties, it didn't obtain parental consent before picking up the information.

Hershey - famous for its Hershey bar - has over 30 websites, many of which are aimed at kids. It did have an online consent form which it asked kids to get their parents to fill in. However, the FTC alleges, the company collected personal data from the child whether or not the form was actually filled in. By fining it, the FTC extended COPPA for the first time into the method that a company uses for consent.

The sites were also done for not posting adequate privacy policies about what information was collected and how it would be used, as well as not providing "reasonable means" for parents to review the information collected from their kids, delete it if they wish and refuse any future use of it.

Both companies have been ordered to delete the information they collected, promise no future violations and, significantly, keep records that will allow the FTC to monitor their sites' compliance.

Kids protection groups are, naturally, delighted. Ms Parry Aftab, a lawyer and executive director of WiredSafety.org and its kids version, WiredKids.org, put out a press release stating: "COPPA is a powerful tool in the online safety and privacy arsenal. There is no excuse for large corporations not to comply with COPPA. In the three years since its effective date, parents have learned to rely on this law to help them oversee how and with whom their children's personal information is shared, as well as how it will be used and protected. Our children's privacy is key to their safety."

It is safe to assume that most people will be in favour of protecting kids' privacy online, especially since many children will unwittingly give away identifiable information, and the FTC has certainly given this a huge boost by choosing to make an example of two companies with household names. Good news all round. ®

Related Links
The FTC decision
How to comply with COPPA (dull version)
How to comply with COPPA (kool version)

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.