Sunday, October 7, 2012

Artist Arena pays $1 Million to Settle FTC COPPA Charges That It Illegally Collected Children’s Information

On October 4th, 2012, the Federal Trade Commission (FTC) and Artist Arena, a company that runs celebrity Web sites for music stars Justin Bieber, Rihanna, Demi Lovato, and Selena Gomez have agreed to settle for $1 million. The FTC charges that Artist Arena violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children under the age of 13, including names, addresses, email addresses, birthdates, and gender without notifying parents and obtaining their consent.

The FTC’s COPPA Rule requires that Web site operators notify parents and obtain their consent before they collect, use or disclose personal information from children under the age of 13. The settlement will impose a $1 million civil penalty on Artist Arena, bar future violations of the rule, and require that Artist Arena delete information collected in violation of the rule. In addition, for the next five years Artist Arena must prominently display a link to the federal Web site, http://www.onguardonline.gov/, in places where they collect personal data. Artist Arena also agreed to strict record keeping and compliance monitoring requirements over the next ten years.

The FTC alleges that Artist Arena, which is owned by Warner Music Group, knowingly registered over 25,000 children under the age of 13 and maintained personal information from almost 75,000 additional children who began, but did not complete, the registration process. The company falsely claimed it would not activate a registration nor collect children’s personal information without prior parental consent. Artist Arena has neither admitted nor denied the allegations but no longer allows children under the age of 13 to register as members of their fan sites.

The FTC Chairman, Jon Leibowitz, said:

“Marketers need to know that even a bad case of Bieber Fever doesn’t excuse their legal obligation to get parental consent before collecting personal information from children. The FTC is in the process of updating the COPPA Rule to ensure that it continues to protect kids growing up in the digital age.”

Businesspeople who want to learn about COPPA and how they can comply can visit You, Your Privacy Policy and COPPA - How to Comply with the Children's Online Privacy Protection Act for more information.

The complaint in its entirety can be viewed here. The consent decree, order for civil penalties, injunction, and other relief can be viewed here.

(Written by Jeff Wells, Fall 2012 IBLT Entrepreneurship Assistance Fellow)

Thursday, October 4, 2012

Recent Trend: States Protect Individuals from Employers' and Universities' Logging into Their Social Media Accounts

California recently passed a law that protects individuals from having to give potential employers their login credentials for various social media accounts. The law also prohibits universities from demanding the information from prospective students. The California law is a recent example of numerous states’ laws designed to protect employees/potential employees and students/prospective students.

The text of the employer law itself gives an incredibly broad definition of social media:
As used in this chapter, ‘social media’ means an electronic service or account, or electronic content, including, but not limited to, videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online services or accounts, or Internet Web site profiles or locations.

The student protection bill has a slightly different definition of social media:

As used in this chapter, ‘social media’ means an electronic medium where users may create, share, and view user-generated content, including uploading or downloading videos or still photographs, blogs, video blogs, podcasts, instant messages, or Internet Web site profiles or locations.

 While the two definitions are different, they seemingly cover the same types of social media and should be broad enough to cover all forms of social media existing or possibly created in the future.

Maryland was the first state to enact a law of this type, in May of 2012, and the provisions have gone into effect as of October 1, 2012. The law goes about protecting employees by not defining social media, but by protecting employees’ personal accounts.

Several other states have created laws protecting similar employees’ social media accounts, such as Illinois and Delaware. Several other states, including Massachusetts and New York have bills currently in the legislatures or in a committee, waiting to be passed.

The impacts of these new laws on businesses are clear. Businesses can no longer demand that employees hand over username and passwords to personal social media accounts. Therefore, in order to try to find individuals profiles and posts, employers will have to spend significantly more time and resources. The laws also show that states believe that individuals’ social media accounts are something that should be protected from employers and that this is part of a privacy right of citizens.

In addition, to state actions, the National Labor Relations Board has shown that the board is willing to step in and protect employers’ ability to use social media. A September decision by the board struck down a Costco rule that broadly limiting Costco employee use of social media. The board’s decision shows a continued effort by the federal government to protect the right of social media users.

(Written by Brett Alazraki, Fall 2012 IBLT Entrepreneurship Assistance Fellow)