Privacy & Security

SpongeBob App Violates Child Privacy Laws, Complaint Says

By Mike Bock — December 18, 2012 1 min read
  • Save to favorites
  • Print

A formal complaint issued Monday from the Center for Digital Democracy alleges that Spongebob Diner Dash, a mobile game aimed at children, violates the Children’s Online Privacy Protection Act by collecting personal information about kids. The complaint also says the free app based on the popular Nickelodeon character and developed by mobile gaming company GameFirst, encourages users to purchase in-game added features without parental consent.

The Children’s Online Privacy Protection Act requires that websites obtain a parent’s permission before collecting personal details, such as home addresses or e-mail addresses, from children under 13. Though illegal, the Federal Trade Commission says the practice is relatively common, as website owners often use loopholes to gain children’s personal information, or simply ignore the requirement altogether.

But even though the game’s description in Apple’s app store lists privacy protocols, the Federal Trade Commission claims otherwise. From the Center for Digital Democracy press release:

As the complaint documents, Nickelodeon and PlayFirst engage in deceptive acts by representing in the privacy disclosure on the Apple App Store that the app’s “data collection is in accordance with applicable law, such as COPPA,” when in fact it is not. The SpongeBob Diner Dash game asks children to provide a wide range of personal information, including full name, email address, and other online contact information, without providing notice to parents or obtaining prior parental consent, as required by the Children’s Online Privacy Protection Act. Nor does the app provide an adequate description of the personal information it collects or how it is used. The filing asks the FTC to investigate the app’s data collection and privacy notice practices, including its use of mobile marketing technologies such as unique device identifiers (UDIDs) and “device tokens,” which enable companies to send custom messages to individual children in the form of “push notifications.” These forms of “online contact information” are considered personal information under current COPPA rules.”

Last week, the FTC released a report titled “Mobile Apps for Kids: Disclosures Still Not Making the Grade”, which identified a number of practices used by gaming companies that ignore or otherwise violate the Children’s Online Privacy Protection Act. The FTC also announced it is launching a number of investigations into whether “certain entities in the mobile app marketplace” are collecting personal information.

In addition, a recent survey from the FTC concluded that parents overwhelmingly disapprove of advertisers and website operators collecting and using information about a child’s activities online for marketing purposes.

A version of this news article first appeared in the Digital Education blog.