FTC: SONY BMG Will Pay $1 Million Civil Penalty For Child Privacy Breach

By Marc Handelman on December 12th, 2008

Wired’s David Kravets reports the Federal Trade Commission has fined Sony BMG Music Entertainment, a general partnership subsidiary of Sony Corporation of America (NYSE: SNE) for unlawfully garnering and publicizing personally identifiable information (including electronic media files) from kids under the age of 13. Infosecurity.US applauds the FTC in their efforts to protect the children of the United States. The Federal Trade Commission’s announcement appears after the jump.

From the complaint: “Sony BMG Music Settles Charges Its Music Fan Websites Violated the Children’s Online Privacy Protection Act”

Company Will Pay $1 Million Civil Penalty

Sony BMG Music Entertainment (Sony Music) has agreed to pay $1 million as part of a settlement to resolve Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the Commission’s implementing Rule. The Commission’s complaint alleges that, through its music fan Web sites, Sony Music improperly collected, maintained and disclosed personal information from thousands of children under the age of 13, without their parents’ consent. The civil penalty to be paid by Sony Music matches the largest penalty ever in a COPPA case.

Sony BMG Music Entertainment, a subsidiary of Sony Corporation of America, represents hundreds of popular musicians and entertainers, including numerous artists popular with children and teenagers. The company operates over 1,000 Web sites for its musical artists and labels. Sony Music requires users to submit a broad range of personal information, together with date of birth, in order to register for these sites. On 196 of these sites, Sony Music knowingly collected personal information from at least 30,000 underage children without first obtaining their parents’ consent, in violation of COPPA. Many of these sites also enable children to create personal fan pages, review artists’ albums, upload photos or videos, post comments on message boards and in online forums, and engage in private messaging. In this way, children were able to interact with Sony Music fans of all ages, including adults.

“Sites with social networking features, like any Web sites, need to get parental consent before collecting kids’ personal information,” said FTC Chairman William E. Kovacic. “Sony Music is paying the penalty for falling down on its COPPA obligations.”

COPPA prohibits unfair or deceptive acts or practices in connection with the collection, use, or disclosure of personally identifiable information from and about children under 13 on the Internet. The law requires operators to notify parents and obtain their consent before collecting, using, or disclosing children’s personal information.

The FTC’s complaint alleges that Sony Music violated COPPA by failing to provide sufficient notice on the Sony Music Web sites of what information the company collects online from children, how it uses such information, and its disclosure practices; failing to provide direct notice to parents of Sony Music’s information practices; failing to obtain verifiable parental consent; and, failing to provide a reasonable means for parents to review the personal information collected from their children and to refuse to permit its further use or maintenance.

The FTC’s complaint also charges Sony Music with violating Section 5 of the Federal Trade Commission Act by falsely stating in its privacy policy that users who indicate that they are under 13 on its Web site registration pages will be restricted from participating in Sony Music’s web page activities. In fact, Sony Music accepted registrations from children who entered a date of birth indicating that they were under 13.

The Commission’s consent order calls for Sony Music to pay a $1 million civil penalty. In addition, the order specifically prohibits Sony Music from violating any provision of the Rule, and requires it to delete all personal information collected and maintained in violation of the Rule. The company is required to distribute the order and the FTC’s “How to Comply with the Children’s Online Privacy Protection Rule” to company personnel. The order also contains standard compliance, reporting, and record keeping provisions to help ensure the company abides by its terms.

To provide resources to parents and their children about children’s privacy in general, and social networking sites in particular, the order requires Sony Music to link to certain FTC consumer education materials for the next five years. The company must include a link to the children’s privacy section of the Commission’s www.ftc.gov Web site on any site it operates that is subject to COPPA. In addition, Sony Music must include links to the social networking section of the Commission’s www.onguardonline.gov web site on any of its sites that offer users the opportunity to create publicly viewable profiles.

The Commission vote approving the complaint and consent order was 4-0. On December 10, 2008, the Department of Justice, on behalf of the FTC, filed the complaint in the U.S. District Court for the Southern District of New York and submitted the consent decree for the court’s approval.

NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has or is being violated, and it appears to the Commission that a proceeding is in the public interest. A complaint is not a finding or ruling that the defendant has actually violated the law.

NOTE: Consent orders are for settlement purposes only and do not necessarily constitute an admission by the defendant of a law violation. Consent orders have the force of law when signed by the judge.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.