The operators of imbee.com, a social networking site specifically targeting kids and “tweens,” have agreed to settle Federal Trade Commission charges that their data-collection practices violated federal law. The settlement bars future violations of the Children’s Online Privacy Protection Act (COPPA) and the Commission’s implementing rule, requires that the defendants delete all personal information they collected and maintained in violation of the law, and provides for a $130,000 civil penalty.
Industrious Kid, Inc., and owner Jeanette Symons, promoted the imbee.com Web site as a “free, secure, social networking and blogging destination specifically designed for kids ages 8 to 14.” In addition, the Web site was promoted as “purposely designed to ensure the greatest level of safety and satisfaction for young members,” and as “safer than other social networking sites.”According to the FTC, imbee.com collected and maintained personal information from children under the age of 13 without first notifying parents and obtaining their consent.
COPPA prohibits unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personally identifiable information from and about children on the Internet. The statute gives parents the power to determine whether and what information is collected online from their children under age 13, and how such information may be used. In general, COPPA prohibits operators of child-directed Web sites from collecting personal information from children without first obtaining parental consent.
According to the FTC’s complaint, imbee enabled more than 10,500 children to create imbee accounts by submitting their first and last names, dates of birth, personal e-mail addresses, parents' e-mail addresses, gender, user-names and passwords prior to the site’s providing notice to parents or obtaining their consent. Children who registered also were able to create and post text, photographs, and other content on their personal imbee blog pages, which could not be viewed by others until the parent had completed the registration process. After a child registered with imbee.com, the site sent an e-mail to the child’s parent asking the parent to complete the registration process and allow the child full access to the imbee site. When the parent did not respond to imbee’s e-mail notification or complete the registration process, the site nonetheless maintained the child’s personal information.
The FTC complaint alleged that the defendants violated COPPA and the COPPA implementing rule by failing to obtain verifiable parental consent before any collection of personal information from children; failing to provide sufficient notice of what information they collected online from children, and the site’s information use and disclosure practices and other required content; and failing to provide sufficient notice of the types of personal information they had collected from children prior to obtaining verifiable parental consent.
The Commission’s consent order calls for the defendants, Industrious Kid, Inc. and Jeanette Symons, to pay a $130,000 civil penalty. In addition, the order specifically prohibits the defendants from violating any provision of the Rule, and requires them to delete all personal information collected and maintained in violation of the Rule. The defendants are required to distribute the order and the FTC’s “How to Comply with the Children’s Online Privacy Protection Rule” to company personnel. The order also contains standard compliance, reporting, and record keeping provisions to help ensure the defendants abide by its terms.
To provide resources to parents and their children about children’s privacy in general, and social networking sites in particular, the order requires the defendants to link to certain FTC consumer education materials for the next five years. The defendants must include a link to the children’s privacy section of the Commission’s www.ftc.gov site on any site they operate that is subject to COPPA. In addition, the defendants must include links to the Commission’s safety tips for social networking on any of their social networking sites.
Imbee recently altered its information practices and now participates in the Kid’s Privacy Safe Harbor Program of CARU, the Children’s Advertising Review Unit of the Council of Better Business Bureaus.
The Commission vote approving the complaint and consent order was 5-0. The complaint was filed by the Department of Justice on the FTC’s behalf on January 28, 2008, in the U.S. District Court for the Northern District of California; the consent decree was filed on January 30, 2008.
NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has or is being violated, and it appears to the Commission that a proceeding is in the public interest. A complaint is not a finding or ruling that the defendants have actually violated the law.
NOTE: Consent orders are for settlement purposes only and do not necessarily constitute an admission by the defendants of a law violation. Consent orders have the force of law when signed by the judge.
The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, click http://www.ftc.gov/ftc/complaint.shtm or call 1-877-382-4357. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,600 civil and criminal law enforcement agencies in the U.S. and abroad. For free information on a variety of consumer topics, click http://ftc.gov/bcp/consumer.shtm.