PogoWasRight.org

Menu
  • About
  • Privacy
Menu

Iconix Brand Group settles FTC charges it violated COPPA

Posted on October 20, 2009 by pogowasright.org

Iconix Brand Group, Inc. will pay a $250,000 civil penalty to settle Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the FTC’s  COPPA Rule by knowingly collecting, using, or disclosing personal information from children online without first obtaining their parents’ permission.

Iconix owns, licenses, and markets – both offline and online – several popular apparel brands that appeal to children and teens, including Mudd, Candie’s, Bongo, and OP. Iconix required consumers on many of its brand-specific Web sites to provide personal information, such as full name, e-mail address, zip code, and in some cases mailing address, gender, and phone number – as well as date of birth – in order to receive brand updates, enter sweepstakes contests, and participate in interactive brand-awareness campaigns and other Web site features. Since 2006, Iconix knowingly collected and stored personal information from approximately 1,000 children without first notifying their parents or obtaining parental consent, according to the FTC’s complaint. On one Web site, MyMuddWorld.com, Iconix also enabled girls to publicly share personal stories and photos online, according to the complaint.

“Companies must provide parents with the opportunity to say ‘no thanks’ to the collection and disclosure of their children’s personal information,” said FTC Chairman Jon Leibowitz. “Children’s privacy is paramount, and Iconix really missed the boat by denying parents control over their kids’ information online.”

COPPA requires operators of Web sites directed to children under 13 years old that collect personal information from them – and operators of general audience Web sites that knowingly collect personal information from children under 13 – to notify parents and obtain their consent before collecting, using, or disclosing any such information. One requirement of the COPPA Rule is that Web site operators post a privacy policy that is clear, understandable, and complete.

The Commission’s complaint also charges Iconix with violating both COPPA and the Federal Trade Commission Act by falsely stating in its privacy policy that it would not seek to collect personal information from children without obtaining prior parental consent, and that it would delete any children’s personal information about which it became aware. According to the FTC complaint, Iconix knowingly collected personal information from children without obtaining prior parental consent and did not delete it.

The settlement order requires Iconix to pay a $250,000 civil penalty. The order also specifically prohibits Iconix from violating any provision of the FTC’s COPPA Rule, and requires the company to delete all personal information collected and maintained in violation of COPPA. The company is required to distribute the order and the FTC’s “How to Comply with the Children’s Online Privacy Protection Rule” to company personnel. The order also contains standard compliance, reporting, and record-keeping provisions to help ensure the company abides by its terms.

To provide resources to parents and their children about COPPA and about children’s privacy in general, the order requires the company to link to the Commission’s www.OnGuardOnline.gov Web site on any Iconix Web site that collects or discloses children’s personal information, and on any Iconix site that offers the opportunity to upload writings or images, to create publicly viewable user profiles, or to interact online with other Iconix site visitors.

The Commission vote approving the complaint and consent order was 4-0. On behalf of FTC, the Department of Justice is filing the complaint today in the U.S. District Court for the Southern District of New York, and submitting the consent order for the court’s approval.

NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has or is being violated, and it appears to the Commission that a proceeding is in the public interest. A complaint is not a finding or ruling that the defendant has actually violated the law. A consent order is for settlement purposes only and does not constitute an admission of a law violation. Consent orders have the force of law when signed by the judge.

Category: BreachesBusinessCourtFeatured NewsOnlineU.S.Youth & Schools

Post navigation

← ChoicePoint agrees to modified court order after second data breach
U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets →

Now more than ever

Search

Contact Me

Email: [email protected]

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data
  • DOJ Seeks More Time on Tower Dumps
  • Your household smart products must respect your privacy – including your air fryer

RSS Recent Posts on DataBreaches.net

  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news
  • Tonga’s health system hit by cyberattack
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
©2025 PogoWasRight.org. All rights reserved.