On September 8, 2011, the U.S. District Court for the Northern California entered a Consent Decree and Order for Civil Penalties, Injunction and Other Relief against a mobile apps developer, W3 Innovations LLC, and its owner, Justin Maples.
There are several commentaries about this that immediately jump to mind. First, the enforcement action was brought by the Federal Trade Commission (“FTC”) against the corporate entity, W3 Innovations LLC, and personally against its officer and owner Justin Maples. This poses a question about the limited liability protection of a corporate entity and why it was pierced in this case. Second, this action is the first FTC action against mobile apps developers, and it sends (or at least should send) a strong message to the whole developers community. Third, in my opinion, this situation could have been avoided if Justin Maples retained a good intellectual property lawyer before launching the apps (a good IP lawyer should be familiar with the Children’s Online Privacy Protection Act (“COPPA”)). Many start-up owners avoid extra costs by not consulting attorneys, but expose themselves to large financial risks later on. Most often, as in this case, such risks could easily be avoided.
According to the FTC press release and the Consent Decree, each available here (http://www.ftc.gov/os/caselist/1023251/110908w3order.pdf and http://www.ftc.gov/opa/2011/08/w3mobileapps.shtm), the FTC charged the defendants with violating COPPA by illegally collecting and disclosing personal information from thousands of children under age 13 without their parents’ consent. In fact, there were over 50,000 downloads of the games that collected personal information. As part of settlement, the defendants agreed to pay a $50,000 penalty, among other things.
The “Emily” apps developed by W3 Innovations allowed children to create virtual models and design outfits. The apps then encouraged kids to email “Emily” their comments and submit blogs via email. The FTC alleged that the defendants collected and maintained thousands of email addresses of the app users. The apps also allowed kids to post information, including personal information, on message boards.
According to the FTC, the defendants did not disclose their practices and did not ask for parental consent before they collected, used and disclosed their children’s personal information. Please note that the Consent Decree is a settlement, and does not constitute an admission by defendants of violation of the law.
There are many lessons to be learned here. For mobile developers and website owners: please create, review, update and disclose your privacy policies. These are not just boilerplate documents that can be copied from another site. For parents: check what games your kids are playing and what are the information collection practices of every app and every website that your children frequent.
Please note that this is not a legal advice and is for general informational purposes only.