App developer Jam City has agreed to pay $1.4 million to settle charges that it violated California privacy law by not offering opt-out mechanisms in its free gaming apps, and by
failing to obtain affirmative consent before sharing personal data of users under 16.
Jam City, which offers Harry Potter: Hogwarts Mystery, Cookie Jam, Panda Pop and
other games, allegedly collected advertising and analytics data including users' device identifiers, IP addresses, and information about in-game purchases.
The developer
"discloses this consumer personal information to third-party companies for advertising and analytics," Attorney General Rob Bonta alleged in a complaint unveiled late last week.
"These companies in turn
use the personal information, as well as data collected across different websites, apps, and music, podcast, and TV streaming services for cross-context behavioral advertising," Bonta's office
added.
advertisement
advertisement
The complaint alleges that Jam City didn't provide an opt-out link on its website, or within any of its apps. Instead, the company allegedly said in its privacy policy
that people who wanted to avoid online ad targeting could do so by sending an email to ccpaoutout@jamcity.com.
Jam City did not admit to the allegations or admit liability.
The settlement, which was granted
court approval late last week, also requires the company to implement a "consumer-friendly, easy to execute opt-out process" and to refrain from collecting data from teens under 16 without opt-in
consent, among other terms.
News of the deal comes around three weeks after Sling TV agreed to pay $530,000 settle charges that it failed to offer consumers a simple way to opt
out of the use of their data for advertising, and failed to provide "sufficient privacy protections" for children.