Iconix Brand Group, Inc. will pay a $250,000 civil penalty to settle Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the FTC’s COPPA Rule by knowingly collecting, using, or disclosing personal information from children online without first obtaining their parents’ permission.
Iconix owns, licenses, and markets – both offline and online – several popular apparel brands that appeal to children and teens, including Mudd, Candie’s, Bongo, and OP. Iconix required consumers on many of its brand-specific Web sites to provide personal information, such as full name, e-mail address, zip code, and in some cases mailing address, gender, and phone number – as well as date of birth – in order to receive brand updates, enter sweepstakes contests, and participate in interactive brand-awareness campaigns and other Web site features. Since 2006, Iconix knowingly collected and stored personal information from approximately 1,000 children without first notifying their parents or obtaining parental consent, according to the FTC’s complaint. On one Web site, MyMuddWorld.com, Iconix also enabled girls to publicly share personal stories and photos online, according to the complaint.
“Companies must provide parents with the opportunity to say ‘no thanks’ to the collection and disclosure of their children’s personal information,” said FTC Chairman Jon Leibowitz. “Children’s privacy is paramount, and Iconix really missed the boat by denying parents control over their kids’ information online.”
COPPA requires operators of Web sites directed to children under 13 years old that collect personal information from them – and operators of general audience Web sites that knowingly collect personal information from children under 13 – to notify parents and obtain their consent before collecting, using, or disclosing any such information. One requirement of the COPPA Rule is that Web site operators post a privacy policy that is clear, understandable, and complete.
The Commission’s complaint also charges Iconix with violating both COPPA and the Federal Trade Commission Act by falsely stating in its privacy policy that it would not seek to collect personal information from children without obtaining prior parental consent, and that it would delete any children’s personal information about which it became aware. According to the FTC complaint, Iconix knowingly collected personal information from children without obtaining prior parental consent and did not delete it.
The settlement order requires Iconix to pay a $250,000 civil penalty. The order also specifically prohibits Iconix from violating any provision of the FTC’s COPPA Rule, and requires the company to delete all personal information collected and maintained in violation of COPPA. The company is required to distribute the order and the FTC’s “How to Comply with the Children’s Online Privacy Protection Rule” to company personnel. The order also contains standard compliance, reporting, and record-keeping provisions to help ensure the company abides by its terms.
To provide resources to parents and their children about COPPA and about children’s privacy in general, the order requires the company to link to the Commission’s www.OnGuardOnline.gov Web site on any Iconix Web site that collects or discloses children’s personal information, and on any Iconix site that offers the opportunity to upload writings or images, to create publicly viewable user profiles, or to interact online with other Iconix site visitors.
The Commission vote approving the complaint and consent order was 4-0. On behalf of FTC, the Department of Justice is filing the complaint today in the U.S. District Court for the Southern District of New York, and submitting the consent order for the court’s approval.
NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has or is being violated, and it appears to the Commission that a proceeding is in the public interest. A complaint is not a finding or ruling that the defendant has actually violated the law. A consent order is for settlement purposes only and does not constitute an admission of a law violation. Consent orders have the force of law when signed by the judge.