Skip to main content

Way back in Marketing 101, we learned that consumers factor a number of features into their purchase decisions: price, performance, product positioning, and personal preference, to name just a few. The FTC’s proposed settlement with game developer Miniclip serves as a reminder of another important alliterative consideration for many consumers: privacy. The company claimed it was a current member of a Children’s Online Privacy Protection Rule’s safe harbor program – a representation the FTC says was false.

Most companies are (we hope) familiar with the compliance basics of the Children’s Online Privacy Protection Act Rule. Among other things, the COPPA Rule requires that operators of commercial websites and online services directed to children under 13, or general audience websites and online services that knowingly collect personal information from kids under 13, post their privacy policies prominently, notify parents about their information practices, and get parental consent before collecting, using, or disclosing personal information from their kids.

The COPPA Rule includes a safe harbor provision that allows industry groups and others to seek FTC approval for self-regulatory guidelines that implement protections that are “the same or greater” than the COPPA Rule. A company is deemed to be in compliance with COPPA if it’s a member of an FTC-approved COPPA safe harbor program and honor its guidelines.

Which brings us back to complaint allegations against Miniclip. The company joined the Children’s Advertising Review Unit’s safe harbor program in 2009 and remained a member until 2015, when CARU terminated Miniclip’s participation. But according to the FTC, until mid-2019, Miniclip continued to say this on its website:

In recognition of our focus on the quality and safety of our content, we have been accepted to join the CARU Kids Privacy Safe Harbor Program and have been certified as COPPA compliant.

And again until mid-2019, here’s what it claimed on its Facebook games privacy policy page:

Miniclip is a Certified Participant of the Better Business Bureau’s, CARU Kids Privacy Safe Harbor Program . . . . The information practices of have been reviewed and meet the standards of the Children's Advertising Review Unit’s Kid’s Privacy Safe Harbor Program.

The complaint alleges that Miniclip violated the FTC Act by falsely representing it was a current participant in CARU’s COPPA safe harbor program. Under the proposed order, Miniclip is prohibited from misrepresenting its participation or certification in any privacy or security program sponsored by a government or any self-regulatory organization. Once the settlement runs in the Federal Register, you’ll have 30 days to file public comments with the FTC.

The case offers two takeaway tips for businesses.

Truth-in-advertising principles extend beyond product performance.  Of course, your widget must do what you say it does. But other claims you make – including representations about your privacy practices or your adherence to self-regulatory frameworks – aren’t just window dressing. They, too, are objective claims that also need appropriate substantiation.

Re-re-read your privacy policies and other disclosures.  Drafting your company’s privacy policies – both on your website and on other sites – isn’t a one-and-done box to check off your TO DO list. It’s a living, breathing document that has to keep up with changes in your business practices. Review your privacy policies and other disclosures periodically to make sure they’re up to date.


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Get Business Blog updates