News & Resources

Publications & Media

“Children’s online privacy rights must be considered by companies”

Safe and Sound By Heather L. Buchta

The Topps Company— the maker of Ring Pops—may have been just trying to have a little marketing fun. But a recent contest the company sponsored in 2014 around its jewel-shaped ring candy has caused a ruckus among several children’s rights advocacy groups and is at the root of a complaint recently filed with the Federal Trade Commission.

Topps had called on its fans to post photos of themselves on Facebook, Twitter and Instagram enjoying a Ring Pop with the hashtag #RockThatRock. Because Ring Pops are sucking candies that appeal to children and teenagers, many of the photos—some of which were posted directly to Topps Facebook and Twitter pages—looked provocative. And when these under-aged individuals posted the photos, they also provided the company with their user names.

Ten advocacy groups filed a complaint with the FTC claiming Topps was in violation of the Children’s Online Privacy Protection Act (COPPA). COPPA requires that companies with websites directed at children must notify parents and obtain verifiable parental consent before collecting personal information from children under 13. According to the advocacy groups’ complaint, the photos and screen names Topps collected are personal information under COPPA and Topps didn’t obtain the consents required under COPPA.

Topps is far from the first company to come under fire for violating children’s privacy rights online. In the past several years, some of the country’s biggest brands have all faced complaints about their privacy practices with regard to kids.

While the FTC rolled our stricter privacy rules for children last year—updating COPPA for the first time since it was enacted in 1998—the commission’s efforts to actively police the problem has been called into question. In September, several children’s privacy advocacy groups publicly criticizing the commission for its “lax oversight of laws designed to protect children’s privacy.”

For its part, the FTC contends that it takes “law enforcement actions against companies that failed to comply with the provisions of the law.” The onus for protecting children online falls on the companies who market directly to them.