In a complaint against the company, the FTC alleges that W3 Innovations violated the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA rule by collecting the information without parental consent and not posting a privacy policy on its website.
“The FTC’s COPPA rule requires parental notice and consent before collecting children’s personal information online, whether through a website or a mobile app”, said FTC Chairman Jon Leibowitz. “Companies must give parents the opportunity to make smart choices when it comes to their children’s sharing of information on smart phones.”
The FTC’s complaint charged that W3 Innovations, doing business as Broken Thumbs Apps, and company president and owner Justin Maples, developed and distributed mobile apps for the iPhone and iPod touch that allow users to play games and share information online. Several of the apps, including the Emily’s Girl World, Emily’s Dress Up, Emily’s Dress Up & Shop, and Emily’s Runway High Fashion, were directed to children and were listed in the Games-Kids section of Apple’s App Store.
The agency said that there have been more than 50,000 downloads of these apps, which allowed children to play games such as Cootie Catcher and Truth or Dare and to create virtual models and design outfits. The Emily apps encouraged children to email “Emily” their comments and submit blogs to “Emily’s Blog” via email, such as “shout-outs” to friends and requests for advice. The FTC alleges that the defendants collected and maintained thousands of email addresses from users of the Emily apps.
In addition to collecting and maintaining children’s email addresses, the FTC alleges that the firm also allowed children to post information, including personal information, on public message boards. These interactive apps send and receive information via the Internet and are online services covered by the COPPA rule, according to the FTC complaint.
In addition to imposing the $50,000 penalty, the FTC settlement bars the company from future violations of the COPPA rule and requires them to delete all personal information collected in violation of the rule.