Iconix settles charges of violating children's privacy law

The clothing company collected children's personal data without telling parents, the FTC says

Iconix Brand Group, which sells clothing for children and teens under several brands, will pay a US $250,000 civil penalty to settle U.S. Federal Trade Commission charges that it violated a law prohibiting companies from collecting and using children's personal information without parental permission.

Iconix, which owns the brands Mudd, Candie's, Bongo, and OP, required consumers on many of its brand-specific Web sites to provide personal information such as full name, e-mail address, zip code, and in some cases mailing address, gender and phone number -- as well as date of birth -- in order to receive brand updates, enter sweepstakes contests and participate in other Web site features, the FTC said in a news release.

Since 2006, Iconix collected and stored personal information from approximately 1,000 children without first notifying their parents or obtaining parental consent, according to the FTC's complaint. On one Web site, MyMuddWorld.com, Iconix also enabled girls to publicly share personal stories and photos online, the FTC said.

That collection of information from young customers violated the Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule by knowingly collecting, using, or disclosing personal information from children online without first obtaining their parents' permission, the FTC said.

"Companies must provide parents with the opportunity to say 'no thanks' to the collection and disclosure of their children's personal information," FTC Chairman Jon Leibowitz said in a statement. "Children's privacy is paramount, and Iconix really missed the boat by denying parents control over their kids' information online."

Iconix, in a statement, said it believed the violations were inadvertent and "did not result in any harm to children or other users of its sites." However, the company settled the complaint to "avoid the time and expense of a protracted dispute" with the FTC.

Iconix did not admit any wrongdoing in the settlement. After learning of the FTC's complaint, the company took "immediate action" to comply with the COPPA guidelines, the company said.

COPPA requires operators of Web sites directed to children under 13 years old that collect personal information from them -- and operators of general audience Web sites that knowingly collect personal information from children under 13 -- to notify parents and obtain their consent before collecting, using, or disclosing any such information.

The FTC's complaint also charged Iconix with violating both COPPA and the Federal Trade Commission Act by falsely stating in its privacy policy that it would not seek to collect personal information from children without obtaining prior parental consent, and that it would delete any children's personal information about which it became aware.

A settlement order prohibits Iconix from violating any provision of the FTC's COPPA Rule, and requires the company to delete all personal information collected and maintained in violation of COPPA. The company is required to distribute the order and the FTC's "How to Comply with the Children's Online Privacy Protection Rule" to company personnel.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)