FTC Settles with Sony Music Over Kids’ Personal Info

Sony BMG Music Entertainment has settled with the Federal Trade Commission for $1 million for alleged violations of child protection regulations. Sony Music was charged with collecting and disclosing personal information of children under 13 collected through hundreds of artist and label Web sites. The civil penalty is the largest related to the Children’s Online Privacy Protection Act since 2006.

“I think it’s a really instructive case in that everybody wants to create buzz about their products,” said Phyllis Marcus, a senior FTC staff attorney in the advertising practices division who worked on the case. However, she added, sometimes the concerns of legal staff are not in sync with creative ones. “The ramifications are pretty serious if they’re not in sync.”

Of hundreds of Web sites dedicated to Sony artists and labels, 196 “knowingly collected personal information from at least 30,000 underage children without first obtaining their parents’ consent,” noted an FTC statement about the settlement. The commission said Sony Music neglected to get parental consent on those sites and failed to offer sufficient notice about information collected from children and how it would be used.

Sony also stated in its privacy policy that kids under 13 would be blocked from being able to provide personal data, though that wasn’t actually implemented, according to the FTC, which alleges that the company violated the COPPA requirements since 2004.

“It’s possible that they had intended to block kids, but they never actually blocked kids,” said Marcus. “You need to…ensure, especially when it comes to kids, that you’re following through on your promises.”

A senior Sony BMG executive affirmed that the company had “unintentionally collected names,” and “did not have a screening process in place.”

The executive told ClickZ News the company now has a filtering system in place that follows FTC guidelines, and is in the process of hiring an official to oversee compliance with FTC regulations.

In addition to paying $1 million to the FTC, Sony Music must delete all personal data collected in violation of COPPA. “We have extensive follow up” with companies that have settled with the FTC, she added.

COPPA requires Web site publishers to notify parents and obtain their consent before gathering personally-identifiable information about children.

In 2006, the FTC settled for $1 million with social networking site Xanga, alleging similar violations of COPPA.

Many of the Sony sites in question included interactive and social features that have become de rigueur for many brand and product sites, such as message boards, video and photo upload capabilities, and tools for creating fan pages.

The case specifically deals with direct collection of personal information. However, the proliferation of social media sites and their use by people — often young people — for interacting with companies certainly raises questions about how child protection regulations will be treated by the commission in the increasingly amorphous world of digital media.

“Hobbies and interests and other items about a child can be considered personal if combined with other items that are listed that are personal,” said Marcus.

UPDATE: This story was updated to reflect comments from Sony BMG.

Related reading