Skip to main content

CARU: No Longer In Privacy Self-Reg Program

Marvel Entertainment appears to have withdrawn its site from the Better Business Bureau's self-regulatory safe harbor seal of approval program.

The Center for Digital Democracy filed a complaint against the site, Marvel, and parent Disney, alleging it was not in compliance with the FTC's new Children's Online Privacy Protection Act implementation rules. It included in that complaint that the site was sporting a BBB Children's Advertising Review Unit (CARU) logo signaling it complied with self-regulatory guidelines, when, according to CDD, it was not.

"It appears that CARU is not ensuring that its members are adhering to the safe harbor requirements," CDD said in the complaint. " displays the CARU Kid’s Privacy Safe Harbor icon. This icon links to the CARU website, which confirms that “the information practices of Marvel Entertainment Inc. have been reviewed and meet the standards of [CARU’s] Kids’s Privacy Safe Harbor Program."

" has not revised its data collection practices to comply with the revised COPPA Rule, and does not provide the same or greater protections against collection of children’s information than the COPPA Rule," said CDD. "The fact that nonetheless displays the CARU icon is misleading to parents and raises questions about the effectiveness of the CARU self-regulatory process."

CARU begged to differ. A spokesperson said that Marvel decided to no longer participate in the self-regulatory program back in November and the logo should not have signified compliance after that, though they added there might have been a glitch with a site update that it would have explained to CDD had it asked before filing the complaint.

But CDD says the link was still live as recently as Dec. 17—the day it filed the complaint—leading to a CARU web page confirming that the "'information practices of Marvel Entertainment Inc. have been reviewed and meet the standards of the Children's Advertising Review Unit's Kid 's Privacy Safe Harbor Program." But it says when it checked the link again Thursday (Dec. 19) it was no longer live.

“We take our responsibility to ensure COPPA compliance seriously," said CARU Director Wayne Keeley.

"Since January 2012, we have brought 18 COPPA-related enforcement actions. We appreciate the CDD raising these concerns. However, we have not seen copies of the complaint and we do not have details about the CDD’s allegations."

"The CDD’s promise to examine other child-directed sites is an excellent reminder to companies that can expect a significant percentage of child visitors to review their privacy policies and practices in the light of COPPA revisions, which were effective July 1, 2013.  Both CARU and public-interest groups are examining such sites for compliance."

"The Federal Trade Commission has made available in-depth guidance on the revisions, which can be found at

A Marvel spokesperson had not returned a call at press time about either the initial complaint or its apparent withdrawal from the safe harbor program.