by Mehmet Munur
The Federal Trade Commission announced an enforcement action against Skid-e-kids
and a separate enforcement action against online advertiser ScanScout
The enforcement action against Skid-e-kids resembles the enforcement action against W3 Innovations, LLC
due to its mobile application failing to pass muster under COPPA. According to the Skid-e-kids FTC complaint
The resulting consent order
requires Skid-e-kids to refrain from violating COPPA, delete the personal information from the children, and place a notice on its website with links to the On Guard Online
website. In addition, the FTC imposed a civil penalty of $100,000 but suspended all but a $1,000 of this penalty. The consent order requires Skid-e-kids to retain a privacy professional with COPPA experience to conduct assessments, retain records, and report its compliance with the consent order to the FTC.
The enforcement action against ScanScout, on the other hand, resembles the enforcement action against Chitika
. According to the FTC ‘s ScanScout complaint
, ScanScout acts as a intermediary between websites and advertisers and publishes advertising space on videos. ScanScout decides which video advertising should be delivered to which user. Unlike the Chitika enforcement action that used HTTP cookies, ScanScout used Flash Cookies from April 2007 to September 2009. At that time, deletion of browser’s HTTP cookies did not result in the deletion of Flash cookies—though since then Adobe and the major browsers have finalized APIs
stated that a user could opt out receiving a cookie by changing their browser settings. In practice, however, the users could not opt out receiving these cookies, and therefore, could not stop the tracking by ScanScout.
The resulting agreement and consent order
requires ScanScout to provide a clear and prominent method to enable users to opt out of having their data that can be associated with a particular user collected by ScanScout. This opt-out must last at least 5 years and ScanScout must display links in the advertisements it serves for this opt-out mechanism. The agreement and consent order also comes with other compliance and reporting obligations and lasts for 20 years.
Labels: Cookie, COPPA, Enforcment Action, Federal Trade Commission, Flash Cookies, FTC