Feeds

Snack companies fined $185,000 for violating kids' online privacy

Hershey Foods and Mrs Fields Cookies taken to task by FTC

  • alert
  • submit to reddit

Internet Security Threat Report 2014

American snack companies Hershey Foods and Mrs Fields Cookies have been fined $85,000 and $100,000 respectively for violating children's privacy on their websites.

The hefty fines were issued by the Federal Trade Commission after it decided both companies had broken the Children's Online Privacy Protection Act (COPPA) by collecting personal information from children without first obtaining parental consent.

The penalties are the largest since the Act became law in April 2000 and show that the US government is serious about protecting kids' privacy on the Internet. Director of the FTC's Bureau of Consumer Protection, Howard Beales warned: "If your website collects personal information from children, comply with the law or face the consequences."

The law itself is tough and applies to operators of commercial websites and online services that are either aimed at children under 13 or knowingly collect personal information from children under 13. That information includes not only includes things like full name, home address, email address and telephone number but also hobbies, interests and any information collected through cookies or other tracking mechanisms if this information is in any way tied to an individual.

Mrs. Fields' sites mrsfields.com, pretzeltime.com, and pretzelmaker.com provided birthday greetings and free cookie coupons to kids and recorded the full name, address, email address and birth date from over 84,000 children as part of the service. However, while it did not disclose the information to any third parties, it didn't obtain parental consent before picking up the information.

Hershey - famous for its Hershey bar - has over 30 websites, many of which are aimed at kids. It did have an online consent form which it asked kids to get their parents to fill in. However, the FTC alleges, the company collected personal data from the child whether or not the form was actually filled in. By fining it, the FTC extended COPPA for the first time into the method that a company uses for consent.

The sites were also done for not posting adequate privacy policies about what information was collected and how it would be used, as well as not providing "reasonable means" for parents to review the information collected from their kids, delete it if they wish and refuse any future use of it.

Both companies have been ordered to delete the information they collected, promise no future violations and, significantly, keep records that will allow the FTC to monitor their sites' compliance.

Kids protection groups are, naturally, delighted. Ms Parry Aftab, a lawyer and executive director of WiredSafety.org and its kids version, WiredKids.org, put out a press release stating: "COPPA is a powerful tool in the online safety and privacy arsenal. There is no excuse for large corporations not to comply with COPPA. In the three years since its effective date, parents have learned to rely on this law to help them oversee how and with whom their children's personal information is shared, as well as how it will be used and protected. Our children's privacy is key to their safety."

It is safe to assume that most people will be in favour of protecting kids' privacy online, especially since many children will unwittingly give away identifiable information, and the FTC has certainly given this a huge boost by choosing to make an example of two companies with household names. Good news all round. ®

Related Links
The FTC decision
How to comply with COPPA (dull version)
How to comply with COPPA (kool version)

Providing a secure and efficient Helpdesk

More from The Register

next story
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.