CDD Filing FTC Complaints Against Disney, Sanrio

The Center for Digital Democracy is filing complaints at the Federal Trade Commission alleging that Disney's Web site and a Hello Kitty mobile app are collecting and sharing kids online information in violation of the revised Children's Online Privacy Protection Act (COPPA).

They are the first complaints under the revised rules filed by CDD, which has been a leading voice for stronger protections for children's online information.

COPPA was revised almost a year ago to tighten regs on what and how online info can be collected from kids, including via mobile apps.

In the complaints, copies of which were obtained by B&C, CDD says is a child-directed Web site (it points out "kids" is in the name) collecting personal info from kids and sharing it with third-party marketers without adequate notice or verifiable parental consent, in violation of COPPA.

CDD says Marvel, which is owned by Disney, hasn’t updated its privacy policy to comply with COPPA, and wants the FTC to investigate and take whatever action is necessary to bring it into compliance. 

According to CDD attorneys, the complaint followed an investigation of cookies being placed on computers by the site.

In the complaint against Sanrio and its Hello Kitty Carnival mobile phone app, CDD says it is a child-directed app that Sanrio and third party advertisers use to collect personal information from kids including unique mobile device identifiers, photos and geolocation without COPPA-compliant notice or verifiable parental consent, in violation of the revised Children’s Online Privacy Protection Act.

CDD attorneys say collecting that geolocation info would likely be a violation of COPPA even before last year's changes. They want the FTC to investigate and take whatever enforcement action is necessary.

“These two complaints reveal a pattern of disturbing practices that threaten children's privacy and undermine the ability of parents to control how information is collected and used,” said Jeff Chester, executive director, CDD, of the complaints. “The new COPPA rules approved one year ago were designed to protect children from contemporary data collection practices that track consumers 24/7—on mobile phones and ‘apps,’ on social media, and when playing online games. But what we discovered is that the same powerful and pervasive data-gathering digital complex is at work on leading kids sites.”

Disney's Interactive division had not responded to a request for comment at press time, but the site does bear the self-regulatory Better Business Bureau/Children's Advertising Review Unit Kids Privacy Safe Harbor logo, meaning it is a participant in the Better Business Bureau's kids privacy safe harbor program. According to the site, that means that Marvel's information practices "have been reviewed and meet the standards of the Children's Advertising Review Unit's Kid's Privacy Safe Harbor Program."

A Sanrio spokesperson did not have a response at press time.

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.