A coalition of advocates will file Federal Trade Commission complaints on Wednesday alleging that five companies with Web sites aimed at kids are violating a federal privacy law by running viral marketing campaigns.
The sites -- McDonald's HappyMeal.com, General Mills' ReesesPuffs.com and TrixWorld.com, Doctor's Associates’ SubwayKids.com, Viacom's Nick.com, and Turner Broadcasting's CartoonNetwork.com -- allegedly collect email addresses of children as part of refer-a-friend marketing campaigns, according to the complaints.
The sites aren't accused of asking children for their own email addresses, but for the email addresses of their friends -- all presumably under 13.
According to the complaints, the sites typically offer games (or activities) for kids to engage in themselves, and also to share with friends. For instance, at McDonald's HappyMeal.com, kids can play the game "Suzi Van Zoom," in which "Suzi" rides a bicycle through a zoo. After the game ends, players can invite friends. Those who do are asked for friends' email addresses, according to the complaint.
The groups argue that collecting the email addresses violates the Children's Online Privacy Protection Act, which prohibits operators of Web sites aimed at children from collecting personally identifiable information of kids under 13 without their parents' consent.
"None of the companies subject to these complaints provide sufficient notice of their collection of email addresses from children. These companies also do not make any effort to obtain verifiable parental consent prior to collection and use of the children's email addresses," the groups say in a letter to the FTC accompanying the complaints.
But COPPA has an exception for sites that collect information for one-time use and then discard it. At least some of the sites mentioned in the complaint likely will argue that they fit within that exception.
At Nick.com, for instance, someone familiar with online services says the company does not store or record email addresses gathered in connection with its send-to-a-friend feature.
The advocates who filed the complaint counter that the exception only applies when children submit their own email addresses, not those of other children.
Complicating the issue, the FTC's frequently-asked-questions guide to COPPA says that site operators can allow one-time collection of email addresses in order to allow "children to forward items of interest" to their friends. But the FTC also says that sites are only eligible for that exception if they don't collect full names.
The advocates say that guidance doesn't apply to advergames. They also say that some of the sites don't meet the criteria for the exception because they allow children to submit the first and last names of themselves or their friends.
In addition to arguing that the sites violate COPPA, the advocates criticize the sites for allegedly placing tracking cookies on computers of the children who visit as well as computers of friends who click on links in refer-a-friend emails.
Doing so is legal, but the FTC is considering expanding the COPPA regulations to prohibit Web site operators from using cookies to track children -- even without knowing their names. The groups urge the FTC to adopt such a rule. "The tracking of children's Internet activity by using cookies and persistent identifiers for the purpose of targeting advertisements to those children is at odds with COPPA," they say.
The complaints are being filed by 17 groups, including Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, Consumer Federation of America and Center for Science in the Public Interest.