A coalition of advocates will file Federal Trade Commission complaints on Wednesday alleging that five companies with Web sites aimed at kids
are violating a federal privacy law by running viral marketing campaigns.
The sites -- McDonald's HappyMeal.com, General Mills' ReesesPuffs.com and TrixWorld.com, Doctor's Associates’ SubwayKids.com, Viacom's Nick.com, and Turner Broadcasting's CartoonNetwork.com --
allegedly collect email addresses of children as part of refer-a-friend marketing campaigns, according to the complaints.
The sites aren't accused of asking children for their own email
addresses, but for the email addresses of their friends -- all presumably under 13.
According to the complaints, the sites typically offer games (or activities) for kids to engage in
themselves, and also to share with friends. For instance, at McDonald's HappyMeal.com, kids can play the game "Suzi Van Zoom," in which "Suzi" rides a bicycle through a zoo. After the game ends,
players can invite friends. Those who do are asked for friends' email addresses, according to the complaint.
The groups argue that collecting the email addresses violates the Children's Online
Privacy Protection Act, which prohibits operators of Web sites aimed at children from collecting personally identifiable information of kids under 13 without their parents' consent.
"None of
the companies subject to these complaints provide sufficient notice of their collection of email addresses from children. These companies also do not make any effort to obtain verifiable parental
consent prior to collection and use of the children's email addresses," the groups say in a letter to the FTC accompanying the complaints.
But COPPA has an exception for sites that collect
information for one-time use and then discard it. At least some of the sites mentioned in the complaint likely will argue that they fit within that exception.
At Nick.com, for instance,
someone familiar with online services says the company does not store or record email addresses gathered in connection with its send-to-a-friend feature.
The advocates who filed the complaint
counter that the exception only applies when children submit their own email addresses, not those of other children.
Complicating the issue, the FTC's frequently-asked-questions guide to COPPA
says that site operators can allow one-time collection of email addresses in order to allow "children to forward items of interest" to their friends. But the FTC also says that sites are only eligible
for that exception if they don't collect full names.
The advocates say that guidance doesn't apply to advergames. They also say that some of the sites don't meet the criteria for the exception
because they allow children to submit the first and last names of themselves or their friends.
In addition to arguing that the sites violate COPPA, the advocates criticize the sites for
allegedly placing tracking cookies on computers of the children who visit as well as computers of friends who click on links in refer-a-friend emails.
Doing so is legal, but the FTC is
considering expanding the COPPA regulations to prohibit Web site operators from using cookies to track children -- even without knowing their names. The groups urge the FTC to adopt such a rule. "The
tracking of children's Internet activity by using cookies and persistent identifiers for the purpose of targeting advertisements to those children is at odds with COPPA," they say.
The
complaints are being filed by 17 groups, including Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, Consumer Federation of America and Center for Science in the
Public Interest.