FTC Announces Settlements with Web Sites That Collected Children's Personal Data Without Parental Permission

Three Web Operators Agree to Pay Civil Penalties to Settle Violations of the Children's Online Privacy Protection Act

Marking the first anniversary of the effective date of the Children's Online Privacy Protection Act, the Federal Trade Commission announced settlements with three Web operators for violations of the Children's Online Privacy Protection Rule (COPPA Rule). The FTC charged Monarch Services, Inc. and Girls Life, Inc., operators of www.girlslife.com; Bigmailbox.com, Inc., and Nolan Quan, operators of www.bigmailbox.com; and Looksmart Ltd., operator of www.insidetheweb.com with illegally collecting personally identifying information from children under 13 years of age without parental consent, in violation of the COPPA Rule. To settle the FTC charges, the companies together will pay a total of $100,000 in civil penalties for their COPPA violations. In addition to the requirement that these companies comply with COPPA in connection with any future online collection of personally identifying information from children under 13, the settlements require the operators to delete all personally identifying information collected from children online at any time since the Rule's effective date. These cases mark the first civil penalty cases the FTC has brought under the COPPA Rule.

The Children's Online Privacy Protection Act became effective on April 21, 2000. The Act applies to operators of commercial Web sites and online services directed to children under 13, and to general audience sites that knowingly collect personal information from children. The Rule requires that Web sites post a complete privacy policy, and directly notify parents of their information collection practices and get verifiable parental consent before they collect children's personal information or share that information with others. In the year since the COPPA became effective, the FTC has undertaken an extensive campaign to educate web businesses about the Rule's requirements, including publishing business guidelines and hosting compliance seminars. In July 2000, the FTC followed up by sending e-mails to scores of children's Web sites to alert them to COPPA's requirements for Web sites collecting personally identifiable information from children under 13.

Pointing to a study showing that 91 percent of children's Web sites now post a privacy policy compared to just 24 percent in 1998, Jodie Bernstein, Director of the FTC's Bureau of Consumer Protection said, "The Children's Online Privacy Protection Act was enacted with the support of both industry and consumer groups to ensure that parents have a say in what information is collected from their children. We're encouraged by the progress industry has made in the past year in complying with COPPA, and as the cases announced today demonstrate, we intend to take enforcement action against those who don't."

The Girlslife.com Web site targets girls aged 9 to 14, offering features such as online articles and advice columns, contests, and pen-pal opportunities. Partnering with BigMailbox.com and Looksmart Ltd., it also offered children free e-mail accounts and online message boards. The FTC alleged that each of the defendants collected personal information from children, including such things as full name and home address, e-mail addresses and telephone numbers. None of the Web sites posted privacy policies that complied with the Act or obtained the required consent from parents prior to the collection of their children's personally identifiable information, as required by COPPA. In addition, the BigMailbox privacy policy falsely claimed, among other things, that children under 13 years old could not open an e-mail account without prior parental consent.

The Web sites collected children's personal information for their own internal uses, enabled children to publicly reveal their personal information online without first obtaining parental consent, and, in the case of BigMailbox, provided children's personal information to third parties without prior parental consent. The FTC also charged that all three operators required children to disclose more personal information than was needed for participation in the activities involved, a practice that also violates COPPA.

Settlement of the cases will require each of the sites to delete all personal information collected from children since COPPA became effective. The settlements will bar future violations of COPPA and require that, in addition to posting a privacy policy that complies with the law, the sites link to the FTC site at www.ftc.gov/kidzprivacy, where consumers can find helpful information about COPPA. The BigMailbox settlement also bars the company from making deceptive claims in its privacy policy. Finally, Girlslife will pay a civil penalty of $30,000 and BigMailbox and Looksmart each will pay civil penalties in the amount of $35,000.

In a related matter, the FTC announced that the Entertainment Software Rating Board (ESRB) has been approved as a "safe harbor" program under the terms of COPPA. Safe harbor programs are industry self-regulatory guidelines that, if adhered to, are deemed to comply with the Act. This is the second safe harbor application approved by the Commission. The Children's Advertising Review Unit of the Council of Better Business Bureaus (CARU), an arm of the advertising industry's self-regulatory program won the first COPPA safe harbor approval. The Commission vote to approve ESRB's safe harbor program was 5-0.

The Commission vote to accept the proposed Stipulated Final Judgments and Orders was 5-0. They were filed by the Department of Justice at the request of the FTC, April 18. They are subject to court approval.

NOTE: Stipulated Final Judgments and Orders are for settlement purposes only and do not constitute an admission by the defendant of a law violation. Consent judgments have the force of law when signed by the judge.

Copies of the complaints and consent orders are available from the FTC's web site at http://www.ftc.gov and also from the FTC's Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint, or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357). The FTC enters Internet, telemarketing and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies worldwide.

MEDIA CONTACT:

Claudia Bourne Farrell

Office of Public Affairs

202-326-2181

STAFF CONTACT:

Toby Levin or Mamie Kresses

Bureau of Consumer Protection

202-326-3156 ir 202-326-2070

(FTC File No. 002 3375 Monarch Services, Inc. and Girls' Life, Inc.)
(FTC File No. 002 3378 Bigmailbox.com Inc. and Nolan Quan)
(FTC File No. 002 3379 Looksmart Ltd.)
(Civil Action No. Monarch Services and Girl's Life (no number at press time)
(Civil Action No. BigMailbox -- Civ. Action 01-605-A (E.D. Va.)
(Civil Action No. Looksmart -- Civ. Action 01-606-A (E.D. Va.)

(http://www.ftc.gov/opa/2001/04/girlslife.htm)