Tuesday, December 18, 2012

Nickelodeon Withdraws Their "SpongeBob SquarePants"-Themed "SpongeBob Diner Dash" iOS Game From Apple's App Store

According to the following Nickelodeon News article from BBC News, Nickelodeon has decided to remove the "SpongeBob SquarePants" based "SpongeBob Diner Dash" iOS game app, made by mobile game-maker/developer PlayFirst, from Apple's iTunes app store after a US advocacy group called Center for Digital Democracy contacted the Federal Trade Commission (FTC):
SpongeBob app pulled over children's privacy complaint

A SpongeBob app became the latest game to be pulled following a complaint it had violated children's privacy rights.

Children's data is collected through apps without parents' consent or knowledge, says the CDD

Nickelodeon removed SpongeBob Diner Dash from Apple's iTunes app store after a US advocacy group contacted the Federal Trade Commission (FTC).

The Center for Digital Democracy said children's email addresses had been collected without parental consent.

Last week another children's app, Mobbles, was temporarily pulled after the CDD filed a similar complaint.

The Washington DC-based group urged the FTC to investigate Nickelodeon and mobile game-maker PlayFirst's privacy practices.

It said their "deceptive" mobile marketing technologies had violated the Children's Online Privacy Protection Act (COPPA).

"The SpongeBob Diner Dash game asks children to provide a wide range of personal information, including full name, email address, and other online contact information, without providing notice to parents or obtaining prior parental consent, as required by the Children's Online Privacy Protection Act," a statement said.

"Nor does the app provide an adequate description of the personal information it collects or how it is used".

The advocacy group said the app's use of technologies such as unique device identifiers (UDIDs) allowed companies to send customised messages to individual children in the form of "push notifications" that required online contact information - considered personal information under the COPPA rules.

Nickelodeon was unable to be reached for comment.

The app is free to download, but is designed to encourage users to buy virtual "coins" that can be spent on items for SpongeBob like shoes or a frying pan, or to buy upgraded versions of the game.

Need for informed choices

Laura Moy, a lawyer at Georgetown Law's Institute for Public Representation, which prepared the complaint on behalf of the Center for Digitial Democracy (CDD), said: "It is disturbing to learn that a well known children's brand such as Nickelodeon is flouting basic privacy protections for children. Even more troubling, Nickelodeon tells parents that it complies with the law protecting children's privacy when it does not."

Last week the game Mobbles, in which children collect and care for virtual pets, was temporarily pulled from the Apple App store and Google Android Play store.

The FTC last week published a report on mobile apps for children that showed parents were not being provided with information about what data an app collected, who would have access to that data, and how it would be used.

The report said that nearly 60% of the apps examined by the FTC were transmitting information about a user to an advertiser or other third party.

FTC Chairman Jon Leibowitz said: "While we think most companies have the best intentions when it comes to protecting kids' privacy, we haven't seen any progress when it comes to making sure parents have the information they need to make informed choices about apps for their kids."

"In fact, our study shows that kids' apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents," he added.

"All of the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job. We'll do another survey in the future and we will expect to see improvement."
Also, from Adweek Online:
Nick Targeted in Kids' Privacy Complaint for SpongeBob App Privacy group keeps up pressure on FTC By Katy Bachman

Hoping to pressure the Federal Trade Commission to step up its enforcement of kids' privacy laws, the Center for Digital Democracy filed a complaint against Nickelodeon and PlayFirst's SpongeBob Diner Dash app game.

In the game, children help SpongeBob seat, serve and please customers in five Bikini Bottom restaurants run by the greedy Mr. Krabs.

The complaint filed Monday claims that not only is the privacy disclosure in the Apple iTunes store deceptive but also that the app asks children to provide personal information, including their full name, email address and other online identifying information, without obtaining parental permission as required by the Children's Online Privacy Protection Act (Coppa).

"Nickelodeon tells parents that it complies with the law protecting children's privacy when it does not," said Laura Moy, an attorney with Georgetown Law's Institute for Public Representations, which prepared the complaint for the CDD.

The CDD asked the trade commission to investigate the apps' data collection, privacy notices practices and use of mobile marketing technologies that allow the companies to send custom messages to children.

Nickelodeon said in a statement it was "currently investigating" the complaint.
This is the second FTC complaint filed by the CDD against a kids' app this week. The first involved Mobbles, a game involving virtual pets, which also collected children's personal information without getting parental permission. After the CDD filed its complaint, the company took its app offline to address privacy concerns.

Both examples would seem to support the trade commission's most recent report on mobile kids' apps, which found that most are flunking kids' privacy. Out of the more than 400 kids' apps reviewed by the FTC, nearly 60 percent shared device ID, geolocation or phone numbers with third parties.

While the FTC has brought several enforcement actions against kids' websites for violating Coppa, it has only brought one action against a mobile kids' app.

The FTC is expected this week to vote on updating Coppa regulations to clarify its authority to enforce the law with mobile apps and to expand the definition of personal information.

"Merely stepping up enforcement...will not be enough; the FTC must also follow through with the proposed revisions to the Coppa rule that will clarify child-directed app operators' responsibilities," Moy wrote in the complaint. "The rule should make crystal clear that before app operators may collect a child's name, location data, email address or other contact information, they must find a way to notify the child's parents and ask their permission."
Also, from CIO Magazine:
Group Says Nickelodeon App Violates Kids' Privacy

SpongeBob Diner Dash collects personal information from children in violation of U.S. law, the complaint says

IDG News Service (Washington, D.C., Bureau) — Smartphone app SpongeBob Diner Dash violates U.S. law by collecting a "wide range" of personal information from children, including full names and email addresses, according to a complaint filed by the Center for Digital Democracy, an advocacy group.

The CDD complaint, filed with the U.S. Federal Trade Commission, accuses television network Nickelodeon and mobile game-maker PlayFirst of violating the Children's Online Privacy Protection Act (COPPA) by using the game to collect personal information from kids and by failing to provide an adequate description of the personal information the game collects and uses.

Nickelodeon and PlayFirst engage in deceptive acts by representing in the privacy disclosure on the Apple App Store that the app's "data collection is in accordance with applicable law, such as COPPA," CDD said in its complaint.

"When the leading children's entertainment [network] thumbs its nose at protecting kids' privacy, it reveals a cynical and callous attitude toward reaping the great financial rewards from marketing to kids by deliberately disregarding the kids online privacy law," Jeffrey Chester, CDD's executive director said by email.

Neither Nickelodeon nor PlayFirst responded immediately to email messages seeking comments on the CDD complaint.

This is the second COPPA complaint CDD has filed with the FTC within a week. Last Tuesday, CDD filed a complaint against popular mobile children's game Mobbles, saying the game collects personal information from children without providing notice to parents.

CDD's two complaints follow an FTC report, released a week ago, saying that many mobile apps aimed at children collect and share personal data without notifying parents, potentially violating COPPA.

"Given last week's FTC mobile app report and this case, it's clear kids' data is at risk online," Chester said. "It is clear that this is not an isolated incident."

The CDD complaint asked the FTC to investigate the apps' data collection and privacy notice practices, including its use of mobile marketing technologies such as unique device identifiers and device tokens, which enable companies to send custom messages to individual children.

SpongeBob Diner Dash is a so-called freemium game, which can be initially downloaded for free, but is designed to encourage users to buy virtual coins that can be spent on items such as shoes that make SpongeBob walk faster, or a frying pan that makes the food cook faster.
Also, from CNET:
SpongeBob disappears from app store after privacy criticism

An advocacy group calls on the FTC to investigate the children's game for violations of online privacy rights and misleading marketing.

SpongeBob Diner Dash was pulled from Apple's app store after a complaint was filed claiming it violated children's online privacy. (Credit: Nickelodeon)

Anyone wanting to download the SpongeBob Diner Dash game from Apple's iTunes app store today is out of luck.

Nickelodeon has removed the app from the store after an advocacy group filed a complaint with the Federal Trade Commission alleging the game violated children's online privacy rights by collecting their e-mail addresses without parents' permission.

According to the Center for Digital Democracy, which filed the complaint earlier today, cable network Nickelodeon and mobile game-maker PlayFirst are misleadingly marketing the game and are violating the Children's Online Privacy Protection Act (COPPA).

SpongeBob Diner Dash is a free app marketed to children, in which popular cartoon character SpongeBob SquarePants must "seat, serve and satisfy even the squirmiest of patrons" and cater to the greedy Mr. Krabs.

Apparently, the game is collecting users' e-mail addresses with promises of sending them a future newsletter. It does not ask for a home address or phone number. According to the New York Times, the app description said it gathered "personal user data as well as nonpersonal user data" and "user data collection is in accordance with applicable law, such as COPPA."

However, the Center for Digital Democracy says that the app does not provide "notice to parents or obtain prior parental consent, as required by the Children's Online Privacy Protection Act." Technically, COPPA only applies to children under 13 years old, so many app makers get around this issue by saying they're targeting older children.

The Center for Digital Democracy's complaint comes on the heels of a FTC report on mobile apps for children that was published last week. The report states that there is "little or no" privacy information available to parents from app vendors or in the Android Google Play and Apple iOS app stores. It also found that "only 20 percent of the apps staff reviewed disclosed any information about the app's privacy practices."

The complaint filed by the Center for Digital Democracy with the FTC will probably not have any legal affect since the FTC does not have processes to file lawsuits. Instead, the complaint acts as letter that is urging the commission to investigate the privacy practices of the SpongeBob Diner Dash game.

"The FTC [needs to] take action to ensure that all companies targeting mobile apps to kids are complying with the law," attorney Laura Moy at Georgetown Law's Institute for Public Representation, which prepared the complaint on behalf of the Center for Digital Democracy, said in a statement.

This isn't the first complaint regarding a children's game that the advocacy group has lodged with the FTC. Last week, the game Mobbles was pulled from both the Apple App and Google Android Play stores after the Center for Digital Democracy filed a similar complaint with the FTC. According to the advocacy group, the geolocation game in which children collect and care for virtual pets, also collected e-mail addresses without parental consent.

CNET contacted Nickelodeon for comment. We'll update the story when we get more information.

Topics: Entertainment, Corporate and legal Tags:iTunes, app store, FTC, SpongeBob, privacy, children's game, game, Center for Digital Democracy
Also, from Gizmodo UK:
SpongeBob Removed From App Store Over Privacy Concerns

If you were hoping to keep the kids quiet over the holidays with a SpongeBob game, you’re all outta luck. Nickelodeon has had to pull SpongeBob Diner Dash from the Apple App Store over complaints that it violates children’s online privacy rights.

An advocacy group has complained to the Federal Trade Commission in the US that the game is collecting children’s e-mail addresses without parental permission, reports the New York Times. The game asks for email addresses — but no other personal information — so that Nickelodeon can spam childhood inboxes with newsletters.

That is, however, not necessarily in accordance with the Children’s Online Privacy Protection Act (COPPA), because the game does not provide “notice to parents or obtain prior parental consent”. Because COPPA only applies to children under 13, though, there’s room here for Nickelodeon to worm its way out by arguing the game is intended for older kids.

Whatever the outcome of the complaint, the incident serves as a welcome reminder of children’s online privacy. Often time we get so caught up in our own privacy worries that it’s easy to forget about the younger generation. Let’s face it: the sale of your photos doesn’t matter as much as a kid’s privacy, and it wouldn’t do us any ham to remember that more often. [NYT]

Image by JD Hancock under Creative Commons license

ftc, nickelodeon, privacy, spongebob
Also, from The New York Times 'Bits' Blog:
SpongeBob Game Removed From App Store After Complaints

[SpongeBob Diner Dash

PlayFirst and Nickelodeon team up to bring you the dish-flipping fun of Diner Dash with a super awesome SpongeBob twist! Soak up 5-star feeding fun with SpongeBob! Mr. Krabs is expanding his Krabby Patty empire, one restaurant at a time. Help SpongeBob seat, serve and satisfy all kinds of fishy customers in five colorful Bikini Bottom restaurants. Slide and tap to send SpongeBob to customers' tables. Take orders, seat customers, and collect big tips to upgrade your restaurants! Dive into culinary chaos under the sea with SpongeBob Diner Dash!]
SpongeBob Diner Dash, a free game app for children featuring the popular yellow cartoon character loved by millions of youngsters, disappeared from the Apple App Store on Monday after an advocacy group complained that the app violated federal privacy protections for children online.

The Center for Digital Democracy (the group's site), a nonprofit group in Washington, filed a complaint (the group's complaint) with the Federal Trade Commission on Monday, saying the SpongeBob app violated a children’s online privacy law by collecting children’s e-mail addresses and other information without obtaining their parents’ permission. The group asked federal regulators to investigate PlayFirst (the company's site), the developer of the Diner Dash app (developer info about the app), and Viacom, the parent company of the Nickelodeon network which carries the SpongeBob SquarePants cable TV program, over “deceptive marketing.”

David Bittler, a spokesman for Nickelodeon, said the company had learned of the advocates’ filing on Monday morning and had temporarily taken down the app while it investigated their complaint.

A spokeswoman for PlayFirst referred questions from a reporter to Nickelodeon.

The SpongeBob complaint comes as the F.T.C. is preparing to update privacy protections for children online. Those rules, based on a 1998 law, the Children’s Online Privacy Protection Act, or Coppa, require operators of Web sites directed at children to notify parents and obtain their consent before collecting information like names, e-mail addresses and phone numbers from children under 13. The law is meant to give parents more control over entities that collect personal details about younger children online, often with the aim of contacting them for marketing purposes.

The app disappeared from the Apple App Store on Monday.

[Your request could not be completed. The item you've requested is not currently available in the US store.]

Yet most popular apps for children fail to give parents basic facts about the kinds of personal information they collect from children and with whom they share it, agency researchers said in an F.T.C. report published last week.

SpongeBob Diner Dash is a game app in which children can earn points by directing the sponge character to serve customers in various colorful cartoon restaurants. The free app frequently asks users if they want to pay a small fee to upgrade to the premium version of the game or buy special game features — in both cases by charging a credit card attached to the device’s Apple account.

In Apple’s App Store on Monday morning, the description of the SpongeBob app explained that it collected “personal user data as well as nonpersonal user data,” connected with third-party social media apps, allowed players to communicate with other app users and included in-app purchases. It also stated that the app complied with federal privacy protections for children online.

“User data collection is in accordance with applicable law, such as Coppa,” the description said.

But in its complaint to the F.T.C., the advocacy group said the app neither provided the kind of notice required by that children’s online privacy law, “nor makes any attempt to obtain prior, verifiable parental consent required by the law.”

The description in the app store (information about the app), along with links to the two companies’ privacy policies, did not provide notice of the specific information the app collected, according to the complaint. And the app itself did not contain a privacy policy explaining its data collection practices.

The app, for example, asked a player to enter “your name” and e-mail address to receive a “newsletter for game tips and news!” It also asked permission to send players on-screen notices. These included messages – like “Help SpongeBob serve hungry customers in SpongeBob Diner Dash!” – that encouraged children to play the game. To contact specific children with such messages, the complaint said, the app collected a string of numbers that was unique to each mobile device.

But the app did not ask children to check with their parents before entering their information or agreeing to receive the notices, the complaint said. (A reporter who downloaded and played the app on Monday morning had the same experience. After the app collected the e-mail address, it did not e-mail the promised newsletter — leaving a question about how the app actually uses player e-mail addresses).

This is the second complaint about children’s app developers lodged this month by the Center for Digital Democracy. Last week, the group filed a complaint with the F.T.C. saying Mobbles, a Pokemon-inspired cartoon game app, also collected data from children without seeking parental consent. The developer of Mobbles said the app was not meant for children under 13.

In a letter to the agency accompanying the SpongeBob complaint, the advocacy group asked federal regulators to increase enforcement actions against the developers of mobile apps for children. It also asked the agency to add unique mobile device code numbers to the types of data collected from children that require prior parental consent.

[Tags:] APPS, PRIVACY, VIACOM
Also, from The Hill's technology blog, Hillicon Valley:
Privacy watchdog group calls on FTC to investigate 'SpongeBob' mobile app

The Center for Digital Democracy (CDD) on Monday called on the Federal Trade Commission to investigate a "SpongeBob SquarePants"-themed mobile app game by Nickelodeon and mobile game developer PlayFirst, claiming that it violates online child privacy rules.

In its complaint filed with the agency, the privacy watchdog group says the "SpongeBob Diner Dash" game asks kids to submit some of their personal information, including their full name and email address, without obtaining parental consent or providing a notice to parents first. CDD charges that this information collection violates the Children's Online Privacy Protection Act (COPPA), even though the app claims that it complies with the privacy law.

CDD says the app also doesn't provide a description of the personal information it collects, or how it uses that information.

“It is disturbing to learn that a well-known children’s brand such as Nickelodeon is flouting basic privacy protections for children," Laura Moy, an attorney at Georgetown Law's Institute for Public Representation, said in a statement. "Even more troubling, Nickelodeon tells parents that it complies with the law protecting children’s privacy when it does not”

Moy prepared the complaint on behalf of CDD.

A Nickelodeon spokesman said the company has "temporarily have taken down the app while we investigate their complaint." The company first heard about CDD's claims via press reports.

San Francisco-based PlayFirst could not be reached for comment on CDD's claims.

The aim of the "SpongeBob" game is for kids to help the popular cartoon character quickly serve customers in the "Bikini Bottom" restaurants from the show. The game can be downloaded for free, but players can purchase virtual coins within the game that buy items that help SpongeBob serve customers faster.

Last week CDD filed a complaint against another game app targeted toward kids, called "Mobbles," for violating COPPA rules.

In its complaint against the "SpongeBob" game, CDD urged the FTC to step up its enforcement of COPPA against mobile app developers and to update the child privacy rules so they're relevant in an age where smartphone and tablet use is on the rise.

The FTC is expected to unveil its updates to COPPA in the coming days. The revised rules would expand COPPA's scope to cover apps, games, ad networks and other online entities. Google, Facebook and other major companies have pushed back against some of the proposed changes.

As a precursor to its release of the updated privacy rules, the FTC published a study this month that said hundreds of mobile apps for kids are collecting and sharing their personal information. The agency found that many of the apps collected this information without proper disclosure.
Also, from PC Adviser:
US FTC strengthens online children's privacy rules

The new rules require websites targeting children to get parental permission before collecting geolocation data and photos

Websites, mobile apps and online advertising networks targeting children will be required to follow new privacy regulations, including getting a parent's permission before collecting geolocation information and photographs from kids, under new rules announced Wednesday by the U.S. Federal Trade Commission.

The new rules, a revision of existing regulations under the Children's Online Privacy Protection Act (COPPA), also require websites and other online services to get parental permission before collecting IP addresses and mobile devices IDs for children under age 13.

The changes to the rules, praised by privacy advocates, also require third-party companies collecting information on websites targeted at children to get a parent's permission, closing a "loophole" that allowed some plug-ins to collect children's personal information without getting permission, FTC Chairman Jon Leibowitz said during a press conference.

Changes to the FTC's COPPA rule are needed because the Internet has changed significantly, with an explosion of smartphones, mobile apps and social networking, since Congress passed COPPA in 1998, Leibowitz said.

"The Internet of 2012 is vastly different than the Internet of 14 years ago," he said. "Some companies, especially some ad networks, have an insatiable desire to collect information from kids."

The new rules, scheduled to go into effect in July, are designed to give online businesses that provide services to children clear guidelines about collecting personal data, Leibowitz said. The new rules do not prohibit advertising to children online, he said, but address the collection of personal data to deliver targeted, or behavioral, advertising.

"Our rule is simple, effective and straightforward," he said. "Until and unless you get parental consent, you may not track children to build massive profiles for behavioral advertising."

Four U.S. lawmakers attending the press conference praised the changes to the COPPA rules. The new rules will help prevent third-party companies on websites from using "technological tricks" to children's personal information, said Senator John "Jay" Rockefeller, a West Virginia Democrat.

Strengthening the rules is "so much a no-brainer," Rockefeller added. "It should be a universal issue."

The FTC, in strengthening the rules, is doing "the lord's work," said Representative Joe Barton, a Texas Republican.

The rules create a new, streamlined process at the FTC for online companies to propose new ways to get parental permission to collect information. The rules also require online companies to take reasonable steps to release children's personal information only to companies that can keep it secure and confidential.

Digital liberties group the Center for Democracy and Technology and e-commerce trade group NetChoice raised concerns that the new rules may target too many websites.

"COPAA should stay focused on websites that knowingly communicate with children -- not cast a net so wide it is impossible to comply with," Steve DelBianco, executive director of NetChoice, said by email. "I'm amazed at the ambiguity in determining whether a site is covered by COPPA. Despite two years of deliberation, the FTC still has not provided clarity the e-commerce industry needs."

Web sites that serve a mixed audience could be vulnerable to FTC enforcement under COPPA, he added.

The new rules' definition of when a website is directed to children "could expand COPPA's reach to general audience sites and confuse website owners as to whether these new rules apply to them," CDT said in a statement. This will likely prompt more sites to ask for age verification from all users before allowing access, the group said.

The new COPPA rules come just days after the FTC released a report saying that many mobile kids' apps collect information without getting parental consent.

In the past eight days, privacy group the Center for Digital Democracy has filed two COPPA complaints with the FTC, one against popular mobile children's game Mobbles and the second against television network Nickelodeon and mobile game-maker PlayFirst.

The new FTC rules are a "major step forward," although the CDD will be on the lookout for loopholes, said Jeffrey Chester, executive director the group.

"We are especially gratified that this decision puts to rest the longstanding and disingenuous claims by the digital marketing industry that cookies and other persistent identifiers are not personally identifiable information," he said in an email. "The revised rules also address the increasingly pervasive use of geolocation, behavioral targeting, and social media data collection."