Computerworld: Texas AG Sues Two Sites for Children’s Privacy Violations

Texas Attorney General Gregg Abbott has sued two Web sites that cater to children for failing to take adequate measures to protect their identities and personal information.

The lawsuits are the first in the U.S. to be brought under the Children’s Online Privacy Protection Act (COPPA) of 1998 and highlight the many privacy pitfalls facing minors that the law is designed to address.

COPPA requires Web sites to implement controls for obtaining verifiable parental consent before information can be gathered from children. The law also prohibits sites from requiring children to disclose an excessive amount of personal information as a precondition for participating in online games and activities.

“Federal law provides important protections to prevent children from divulging sensitive personal information and to shield them from inappropriate sexual or violent content online,” Abbott said in statement. According to him, the two Web sites his office has targeted — TheDollPalace.com and Gamesradar.com — are in violation of COPPA because they failed to include necessary disclosures and obtain parental consent before collecting personal information from children.

A spokesman from Future US Inc., which operates Gamesradar.com, said the company had not yet seen the lawsuit and couldn’t comment on it. No contact phone information was listed on TheDollPalace.com. An e-mail requesting comment did not get an immediate reply.

Court documents filed this week in the U.S. District Court in Austin, described Doll Palace as a foreign corporation with offices in New York.

In his compliant, Abbott alleges that the Doll Palace routinely collected a large amount of data from children, many of whom were under 13, as part of the registration process. Abbott claimed that most of the information was obtained without adequate verification of parental consent and little disclosure about the kind of information that was being collected and the purposes for which it was used. He also said the company did not comply with COPPA requirements on how the collected data could be used.

That information included the children’s first and last names, their e-mail addresses, dates of birth, zip codes and gender. Registered members who wanted to participate in a so-called Friends feature on the site were required to fill out a 10-page questionnaire that sought details such as the height, eye color, personal habits, access to Internet, the types of persons they were interested in meeting and even whether they would like to meet someone older than themselves.

The Friends section allows members to search for other Doll Palace members using a wide variety of attributes, including those who live within five miles of the member doing the searching. The search results themselves often contained detailed information from the 10-page questionnaire and included the e-mail addresses, contact information and IM handles of the children, he said.

“The privacy implications and danger posed by this site, especially for users under the age of 13, are self-evident,” Abbott noted.

Many of the same COPPA violations were cited by Abbott in his complaint against Future US. Its Gamesradar.com site, which is targeted at individuals with an interest in video games on multiple platforms, includes content or allows access to content inappropriate for young children. That includes violent content and downloads that modify games to make characters appear nude. Though the site ostensibly did not collect information from children under the age of 13, it encouraged and collected information from individuals who the company should clearly have known were that young, the brief alleged.

Like TheDollPalace.com, Gamesradar.com did not obtain verifiable consent from the parents of the children it was gathering information from, nor did it give them a chance to review the data or pull it back, the suit alleged.

The lawsuits shine a much-needed spotlight on children’s privacy issues at a time when a broader online privacy debate seems to have been ignited by the recent Facebook controversy, said Kathryn Montgomery, professor of communication at American University in Washington.

“I’m glad they are doing it,” Montgomery said, referring to the lawsuits. “Many of the big companies are in compliance with COPPA, but there are a lot of Web sites for kids that may not be following established law for protecting children’s privacy.”

By Jaikumar Vijayan, Computerworld (US online)