FTC Settles Charges Against Kids' Apparel Brands for Alleged COPPA Violations
Remember Candie's shoes and Op shorts? The FTC announced yesterday that it has settled charges against Iconix Brand Group, the owner, licensor, and marketer of popular kids' apparel brands such as Candie’s, Op, Mudd, and Bongo, for allegedly violating the Children's Online Privacy Protection Act (COPPA). Among other things, Iconix will pay a $250,000 civil penalty. The FTC filed its complaint and submitted its consent decree and order for approval yesterday in the Southern District of New York.
The FTC charged Iconix with knowingly collecting personal information from approximately 1,000 children since 2006 without obtaining prior parental consent, and failing to delete the information. The FTC claimed that Iconix required consumers to provide personal information such as name, e-mail address, zip code, and in some cases mailing address, gender, phone number, and date of birth, in order to receive brand updates, enter sweepstakes contests, and participate in interactive brand-awareness campaigns and other Web site features. The FTC further charged Iconix with posting a privacy policy that falsely stated that it would not seek to collect personal information from children without obtaining prior parental consent and would delete any such information about which it became aware. Specifically, the privacy policy stated as follows (after the jump):
"We do not seek to collect personally identifiable information from persons under the age of 13 without prior verifiable parental consent. If we become aware that we have inadvertently received such information online from a child under the age of 13, we will delete it from our records. If you are under the age of 13, please do not submit any personally identifiable information to us. If you are the parent or guardian of a person under the age of 13 who has provided personally identifiable information to us, please inform us by contacting us at info@iconixbrand.com and we will remove such information from our database. If you are concerned about your children's use of the Site, you may use web filtering technology to supervise or limit access to the Site."
In addition to the $250,000 penalty, pursuant to the settlement, Iconix must, among other things, delete all personal information collected and maintained in violation of COPPA, distribute the settlement order and the FTC’s “How to Comply with the Children’s Online Privacy Protection Rule” to company personnel, and link to the FTC's www.OnGuardOnline.gov Web site on any Iconix Web site that collects or discloses children’s personal information and on any Iconix site that offers the opportunity to upload writings or images, create publicly viewable user profiles, or interact online with other Iconix site visitors.
Of course, this is not the first time the FTC has brought and settled COPPA charges. There have been more than a dozen COPPA enforcement cases, the most notable being a 2008 $1 million settlement with Sony BMG and a 2006 $1 million settlement with Xanga.
The FTC's most recent COPPA enforcement action is another reminder of (a) the importance of posting a privacy policy that accurately reflects a company's practices with respect to children's (and others') personal information; and (b) the need for legal, marketing, and IT to work hand-in-hand in developing kid-friendly and compliant online campaigns.