Sony Settles with FTC over Online Privacy Violations

Sony Music has agreed to pay the Federal Trade Commission $1 million for violating the Children’s Online Privacy Protection Act (COPPA), the largest fine yet recorded for such an offence.  COPPA establishes a regulatory framework for collecting information about children on the internet and was enacted in 1998.

According to an FTC complaint filed in the U.S. District Court in Manhattan, Sony failed to provide sufficient notice of its informational practices on the sites (as well as directly to parents), failed to obtain verifiable consent prior to collecting minors’ information and failed to provide a reasonable means for parents to review the personal information collected from their children.

Much of the conduct in question arose out of the registration process on websites that offered social networking services, including private messaging, and allowed users to post photographs and videos.  In some instances, minors creating fan pages were prompted to enter their street addresses and mobile phone numbers as part of the registration process regardless of the fact that they had indicated they were under the age of 13.  Moreover, in at least 30,000 instances Sony collected or disclosed personal information about minors without first obtaining verifiable parental consent.  More violations of COPPA are alleged in the complaint, which is viewable at http://www.ftc.gov/os/caselist/0823071/081211cmp0823071.pdf.

Often, a simple age verification “click-through” button is not enough to protect a service from liability under COPPA.   If you are concerned about maintaining compliance, a legal review of your website’s terms & conditions and privacy policy would be prudent.