Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Consumer Privacy

FTC Announces COPPA Enforcement Action

On October 20, 2009, the FTC announced a settlement with Iconix Brand Group, Inc., pursuant to which Iconix will pay a $250,000 penalty to settle the FTC’s charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the COPPA Rule by knowingly collecting, using, and disclosing personal information from children online without first obtaining their parents’ consent.

Iconix, which owns, licenses, and markets several popular apparel brands, including Mudd, Candie’s, Bongo, and OP, required consumers on many of its websites to provide personal information, including full name, email address, mailing address, and phone number, in order to receive brand updates, enter sweepstakes, and participate in other website features.  According to the FTC, one of the websites allowed consumers to share photos and personal stories online.  In connection with the collection of personal information, the websites required that consumers provide their date of birth. 


The FTC alleged that since 2006, Iconix knowingly collected, maintained, and/or disclosed personal information of approximately 1,000 children under the age of 13 without first notifying their parents or obtaining parental consent, in violation of COPPA.  Additionally, the FTC alleged that Iconix’s statements in its online privacy policy that it would not seek to collect personal information from children under 13 without prior parental consent and that it would delete any such information about which it became aware, were misrepresentations, constituting deceptive acts or practices in violation of Section 5 of the FTC Act.


The settlement order requires Iconix to pay a $250,000 civil penalty, delete all personal information collected and maintained in violation of COPPA, and comply with certain consumer education, record-keeping, and reporting requirements.


Interestingly, this appears to be a fairly large settlement amount for a relatively small number of children whose information was allegedly collected in violation of COPPA.  Previous recent FTC COPPA settlements include the 2008 Sony BMG Music settlement, which involved a $1 million civil penalty and the collection of personal information from over 30,000 children; the 2008 imbee.com settlement, involving a $130,000 civil penalty and the collection of personal information from 10,500 children; and the 2006 Xanga.com settlement, which imposed a $1 million civil penalty and involved the collection of personal information from 1.7 million children.