Consumer advocates accused companies including McDonald's Corp and Viacom Inc's Nickelodeon of unlawfully using children to market their websites through campaigns that encourage sharing video, games and other content.
The Center for Digital Democracy and 16 other groups asked the U.S. Federal Trade Commission to investigate, accusing the companies of violating the Children's Online Privacy Protection Act (COPPA) by asking children to divulge personal information and the information of friends without parental consent.
Angela Campbell, a Georgetown law professor and legal counsel for the Center for Digital Democracy, said the FTC should stop such "commercial exploitation of children."
The FTC implemented the children's privacy law in 2000 through its Children's Online Privacy Protection Rule, which gives parents a say over what information websites can collect about children under age 13.
Lawmakers and privacy advocates have long argued that companies are not doing enough to safeguard customers' privacy.
The advocacy groups filed five separate complaints with the FTC against McDonald's HappyMeal.com, Viacom's Nick.com, Doctor's Associates Inc's SubwayKids.com, Turner Broadcasting System's CartoonNetwork.com and General Mills Inc's ReesesPuffs.com and TrixWorld.com. Turner Broadcasting is a unit of Time Warner.
"We take our compliance with children's privacy rules very seriously, and the allegations made by these groups are absolutely incorrect," Nickelodeon spokesman David Bittler said.
General Mills spokesman Tom Forsythe said the complaints seem to have mischaracterized their practices.
"COPPA permits 'send to a friend' emails, provided the sending friend's email address or full name is never collected and the recipient's email address is deleted following the sending of the message," he said.
But the advocacy groups argue that the refer-a-friend campaigns are unfair and deceptive to children who may not be aware that they are generating advertising messages.
"The companies identified in these complaints are clearly trying to circumvent privacy safeguards for children," said American University communications professor Kathryn Montgomery.
"They are also enlisting kids and their friends in deceptive marketing schemes disguised as play -- in some cases for junk foods and other unhealthy products -- completely under the radar of parents," said Montgomery, one of the leaders of the campaign to have COPPA enacted in 1998.
The FTC and White House unveiled earlier this year privacy frameworks that would give all Internet users, not just those under 13, greater control over how their personal data is collected, shared and used by advertisers and tech companies.
Some lawmakers have also called COPPA woefully out of touch with technology developments, leaving kids vulnerable. Bipartisan legislation has been introduced to create a "Do Not Track" system to protect kids, but it has been stalled in Congress.
The FTC earlier this month proposed further changes to its planned update of COPPA regulations that would ensure that websites and third-party data brokers get parental permission before they collect children's data.
TAKING PROTECTIONS SERIOUSLY
The advocacy groups' complaints included the "star in a music video" feature on the McDonald's site. A child is able to upload their photo to create a video with their image on a cartoon character, and is asked to share the video by providing the names and email addresses of friends. Those friends then receive an email asking them to check out the site and saying they were "tagged for fun by a friend." All of this occurs without having to get a parent involved.
"McDonald's makes every effort to be in compliance with all government regulations," McDonald's USA spokeswoman Danya Proud said.
A Cartoon Network spokesman said they would review any allegations closely, and stressed that the network takes complying with COPPA very seriously. A Subway Restaurants spokesperson said they also took online privacy seriously and were COPPA-compliant.
The advocacy groups also asked the FTC to update COPPA to bar cookies from being placed on computers that visit children's websites without parental consent, and to include photographs in its definition of personal information. Both items have already been proposed by the FTC.
The FTC said it has received the complaints and will be reviewing them carefully.