FTC Rips Into RockYou for Violating Kids’ Privacy

Social gamer must pay a $250,000 penalty

The Federal Trade Commission continues to show it has enforcement teeth when it comes to protecting children's privacy and data security. The agency ripped into RockYou Tuesday, announcing a settlement with the social gamer for violating the Children's Online Privacy Protection Act, which bars companies from collecting personal information from children under 13 without their parents' permission.

As part of the settlement, RockYou must pay a $250,000 civil penalty to settle charges and delete any information it collected from about 179,000 children. RockYou must also implement and maintain a data security program, post a privacy policy that is "clear, understandable and complete," and submit to third-party independent audits every other year for the next 20 years. According to the FTC complaint, RockYou collected 32 million children's email addresses and passwords, which were required by the website in order save photo slideshows that accessed music and captioning features. The RockYou case is the FTC's 19th under Coppa. Since the statute became law 11 years ago, the FTC has collected more than $6.6 million in civil penalties. "The case against RockYou is part of the FTC's ongoing effort to make sure companies live up to the privacy promises they make to consumers, and that kids' information isn't collected or shared online without their parents' consent," the FTC said in a statement.

The FTC is currently considering updates to Coppa, which expand the definition of personally identifiable information to include geolocation. It is also turning its attention to children's mobile apps.

Publish date: March 27, 2012 https://stage.adweek.com/digital/ftc-rips-rockyou-violating-kids-privacy-139232/ © 2020 Adweek, LLC. - All Rights Reserved and NOT FOR REPRINT