Vector young girl sitting in headset playing computer game live streaming with web camera. Cute woman streamer, professional esport gamer producing video content. Cybersportswoman twicher

FTC Settles with Gaming App for False Representations about Children’s Privacy

FTC Settles with Gaming App for False Representations about Children’s Privacy

July 9, 2020

FTC Settles with Gaming App for False Representations about Children’s Privacy

By: Nicole Kardell

On July 6, 2020, the Federal Trade Commission announced a settlement with gaming app developer Miniclip S.A. The settlement addresses allegations that Miniclip falsely claimed membership in a Children’s Online Privacy Protection Act (COPPA) safe harbor program for the last several years.

Miniclip boasts more than 1 billion downloads of its 45 “high-quality mobile games” (such as Agar.io and Soccer Stars) and a further catalogue of 1,000 online games. Many of these games are directed toward young children, which is where the COPPA concerns come in. Broadly speaking, COPPA is a federal statute intended to ensure that children under 13 do not share their personal information online without the express approval of their parents. The FTC, which enforces COPPA, helps to manage compliance with the help of several FTC-approved self-regulatory safe harbor programs (currently, there are seven; these programs generally provide the same or greater protections than COPPA and ensure a level of program monitoring). If a company is a member of one of these safe harbor programs, the FTC deems the organization compliant with COPPA.

The Better Business Bureau runs one of the COPPA safe harbor programs, known as the Children’s Advertising Review Unit (CARU). Miniclip became a member of CARU in 2009, meeting CARU’s requirements and being subject to monitoring by CARU staff.  All was well for several years. Then, for reasons not made public, CARU ousted Miniclip as a participant in July 2015. But, according to the FTC’s complaint, through June/July 2019, Miniclip continued to represent in its Terms and Conditions, as well as in its Facebook Game Privacy Policy, that it was a part of CARU. These representations gave the false impression to consumers that Miniclip’s data privacy practices met CARU’s standards and were reviewed and approved by CARU.  According to the FTC, the representations therefore were false or misleading, and therefore deceptive acts that violate of Section 5(a) of the Federal Trade Commission Act.

According to the terms of the settlement, Miniclip may no longer misrepresent membership in any  government, self-regulatory, or standard-setting organization. It must also provide the FTC certain corporate details on business ownership and compliance measures and it must maintain accounting, personnel, and compliance records for ten years. The settlement terms do not seem onerous and do not contain monetary penalties. But nor does the FTC allege any actual violations of COPPA. The agency only alleges misrepresentation about participation in a safe harbor program.

One takeaway for companies is to ensure they make good on their promises and representations, such as those contained in their Terms of Use and Privacy Policies. This is a popular area of FTC enforcement, as we have discussed in the past. But another interesting theme that may be in the making: Will companies with Chinese ownership come under increasing scrutiny by U.S. regulators? Miniclip is a Swiss-based company. But in February 2015 (a few months before CARU ousted the company from its COPPA safe harbor program), Miniclip received a majority investment from Chinese multinational conglomerate, Tencent Holdings Ltd. It is a head-scratcher whether Tencent’s majority ownership in Miniclip is connected to CARU’s decision. We do not know, as the details of CARU’s decision remain secret to the public, but the timing might suggest so much.

We do know from recent announcements from Secretary of State Mike Pompeo and FBI Director Christopher Wray that the U.S. is red flagging Chinese companies for cybersecurity threats, intellectual property theft, and data co-opting. Pompeo even discussed banning Tik Tok from the U.S. (we’ve talked about Tik Tok’s children’s privacy problems in the past). We suggest companies that have Chinese ownership or affiliation or those that are considering taking investors from China take extra steps to ensure they dot their I’s and cross their T’s, as we may be entering an era of specialized legal and regulatory scrutiny of regulated organizations’ Chinese corporate relations.

Nicole Kardell

Nicole Kardell

Nicole is a certified privacy professional with expertise in European privacy law (CIPP/E), in particular the GDPR. She helps companies to navigate the changing face of privacy regulations and to keep their business practices and partnerships in compliance with the law both domestically and abroad.

Related Practice(s)

Subscribe to Ifrah Law’s Insights