Company Pays FTC Fine to Settle Lawsuit Over Its Data Collection From Children
Iconix Brand Group has agreed to pay $250,000 to settle a Federal Trade Commission complaint that the company violated a federal law banning collection of data about children without their parents' consent.
The FTC alleged that since 2006, Iconix collected personal information from children on sites for youthful clothing and accessory brands like Candies, Mudd and Bongo. The complaint and proposed settlement were made public Tuesday.
In its complaint, the FTC alleges that Iconix collected registration information, including birthdates, of at least 1,000 children age 12 and under and then sent them newsletters and enrolled them in sweepstakes. The FTC also alleged that Iconix allowed users under 13 to upload their photos and post personal information about themselves.
The commission said these alleged practices violated the Children's Online Privacy Protection Act, or COPPA, which bans marketers from amassing or spreading personal data about children without their parents' permission.
In addition to promising to pay $250,000, Iconix agreed to destroy data collected in violation of federal law and to comply with the privacy law in the future. Iconix didn't admit wrongdoing as part of the settlement. The company said in a statement that it "believes that any non-compliance was inadvertent and did not result in any harm to children or other users of its sites," but agreed to the settlement to avoid a protracted dispute.
The case marks the 14th time that the FTC has brought an action to enforce the Children's Online Privacy Protection Act. Most recently, Sony BMG Music agreed last December to pay $1 million for allegedly collecting names and other personal information from at least 30,000 children.
Overall, the FTC has collected $3 million in civil penalties since the law went into effect in 2000.
Phyllis Marcus, a senior staff attorney with the commission, attributes the alleged violations more to inattentiveness than a deliberate attempt to market to children. "Often the companies intend to comply with COPPA, but then build out functionalities that don't comport with their privacy policies and don't test how the sites are actually functioning," she says.