Nickelodeon’s Mobile SpongeBob Game Violates the Children’s Online Privacy Protection Act, Says New Complaint to FTC

Center for Digital Democracy Charges that Nickelodeon’s Mobile SpongeBob Game Violates the Children’s Online Privacy Protection Act Urges Federal Trade Commission to Investigate and Bring Action Against the Leading Children’s Cable Channel Nickelodeon and PlayFirst Don’t Play Fair, Collecting Personal Information from Kids and Inducing In-Game Purchases Washington, DC: The Center for Digital Democracy (CDD) filed a complaint today asking the Federal Trade Commission (FTC) to investigate and bring action against cable network Nickelodeon and mobile game-maker PlayFirst for deceptive marketing of the SpongeBob Diner Dash game and for violating the Children’s Online Privacy Protection Act (COPPA). The mobile game, which is featured as a free iPhone and iPad app in the “Kids Games” section of Apple’s iTunes store, is based on characters from the popular “SpongeBob SquarePants” cable show (which for the past 12 years has been the most-watched television program for kids ages 2-11). The app store description assures consumers that the game complies with COPPA. However, as CDD’s filing documents, Nickelodeon and PlayFirst engage in several practices that are clear violations of the children’s privacy law. The objective of the game is for children to help SpongeBob “seat, serve, and satisfy all kinds of fishy customers in five colorful Bikini Bottom restaurants,” run by the greedy, selfish Mr. Krabs from the show. SpongeBob Diner Dash is a “freemium” game, which can be initially downloaded for free, but is designed to encourage users to buy virtual “coins” that can be spent on items such as shoes that make SpongeBob walk faster, or a frying pan that makes the food cook faster. Children are also prompted to spend more money to buy upgraded versions of the game. As the complaint documents, Nickelodeon and PlayFirst engage in deceptive acts by representing in the privacy disclosure on the Apple App Store that the app’s “data collection is in accordance with applicable law, such as COPPA,” when in fact it is not. The SpongeBob Diner Dash game asks children to provide a wide range of personal information, including full name, email address, and other online contact information, without providing notice to parents or obtaining prior parental consent, as required by the Children’s Online Privacy Protection Act. Nor does the app provide an adequate description of the personal information it collects or how it is used. The filing asks the FTC to investigate the apps’ data collection and privacy notice practices, including its use of mobile marketing technologies such as unique device identifiers (UDIDs) and “device tokens,” which enable companies to send custom messages to individual children in the form of “push notifications.” These forms of “online contact information” are considered personal information under current COPPA rules. “It is disturbing to learn that a well known children’s brand such as Nickelodeon is flouting basic privacy protections for children. Even more troubling, Nickelodeon tells parents that it complies with the law protecting children’s privacy when it does not” commented Laura Moy, an attorney at Georgetown Law’s Institute for Public Representation (IPR), which prepared the complaint on behalf of CDD. Moy urged that “the FTC take action to ensure that all companies targeting mobile apps to kids are complying with the law.” “It is clear that this is not an isolated incident,” said Jeff Chester, CDD’s Executive Director. “As the FTC report last week on children’s mobile apps revealed, this industry is not taking seriously its obligations under COPPA. The Commission needs to step up its enforcement actions and adopt new rules that will address the growing threats to children’s privacy in the expanding mobile marketplace.” A copy of CDD’s request is available at (link is external) —30—