An app featuring Nickelodeon's SpongeBob character unlawfully collects personal data from children, the privacy group Center for Digital Democracy alleges in a complaint filed on Monday with the Federal Trade Commission.
The "SpongeBob Diner Dash" iPhone and iPad app, aimed at young children, allegedly collects users' names, email addresses, and other online contact information, without first obtaining consent from parents.
A Nick.com spokesperson said on Monday that the company was made aware of the complaint that morning and was investigating. Later that day, the app reportedly was removed from Apple's App Store.
The CDD is asking the Federal Trade Commission to probe whether Viacom's Nickelodeon, and the game company PlayFirst (which developed Diner Dash), are violating the Children's Online Privacy Protection Act. That law prohibits operators of Web sites aimed at children from collecting personal data from kids under 13 without their parents' consent.
The SpongeBob Diner Dash app offers users a game set in virtual diner. Players must help SpongeBob take orders and wait on customers as quickly as possible. Players also are given the opportunity within the game to purchase virtual currency from the iTunes store.
The CDD says the game is obviously aimed at users under 13, given that the central character, SpongeBob SquarePants, is featured on a television show that's especially popular with children between the ages of 2 and 11.
The complaint says that players are prompted to enter seven characters of their names -- which in some cases is enough space for a first and last name. Players also are given the opportunity to enter email addresses in order to sign up for a newsletter that will offer game tips and news. "This prompt creates the expectation that the child must submit an email address to play the game," the CDD alleges. "The screen collecting the email address does not attempt to obtain verifiable parental consent. It does not even warn children to check with their parents."
The complaint comes at a time of growing scrutiny of apps aimed at children. Last week, the FTC issued a report criticizing developers for failing to inform parents about data collection practices of apps aimed at children.
Last week, the CDD's counsel, Georgetown Law's Institute for Public Representation, says in a separate letter to the FTC that the problems with Mobbles and SpongeBob Diner Dash "are representative of mobile app operators’ widespread disregard for COPPA."
The letter urges the FTC to increase enforcement of COPPA, and also to clarify that app developers must obtain parents' consent before collecting personal data from children under 13.
"Mobile app operators’ widespread noncompliance with the COPPA Rule suggests that app operators either disregard their responsibilities under COPPA because they do not fear legal repercussions for failing to meet them, or are unaware of these responsibilities altogether," the letter states.
This isn't the first time the CDD has alleged that a Viacom company violates COPPA. In August, the CDD and other groups alleged that Nick.com was one of five companies to violate COPPA by running a viral marketing campaign. In that instance, Nick.com was accused of asking children to provide email addresses of their friends.
At the time, someone familiar with Nick.com's online services said the company does not store or record email addresses gathered in connection with its feature that asked children for their friends' email addresses.