This is truly shocking. Privacy advocates have been worrying about this and this is now really happening! The parent company of Broken Thumbs Apps—a prominent iOS app maker responsible for games like Zombie Duck Hunt, Truth or Dare, and Emily’s Dress Up—has today settled with the Federal Trade Commission over its apparent collection of children’s personal data in its iPhone and iPod touch apps. Though the FTC has gone after other companies for similar violations, this case is the first focused on mobile apps.
Parent company W3 Innovations was targeted with an FTC lawsuit on Friday; the settlement was announced Monday morning. In its complaint, the FTC alleges that W3 “collected, maintained, and/or disclosed personal information” entered into its various kid-targeted apps—for example, the complaint claims that the company collected and maintained a list of more than 30,000 e-mails as well as personal information from more than 300 Emily’s Girl World App users and 290 Emily’s Dress Up users.
According to the complaint, some of W3’s apps ask the kids to enter names before beginning the game. In the case of Emily’s Girl World, they are given the opportunity to leave comments on a blog related to the app, details of which are saved to W3’s archives. The FTC says that these apps were clearly marketed to children and that the company has seen more than 50,000 app downloads since it first began offering games on the iPhone and iPod touch. And because these apps send and receive information via the Internet, the FTC says they are in violation of the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule, which requires parents to give consent before the company collects or uses the personal information of children. With W3/Broken Thumbs, parents were unaware that their kids’ details were being collected and used for marketing purposes.
W3 didn’t spend much time trying to fight the accusations—the company immediately agreed to settle, resulting in a $50,000 fine. The company has also agreed to delete all personal information that was collected in violation of the COPPA Rule and says that it won’t make any future Rule violations.