FTC Fines Iconix $250,000 for Alleged COPPA Violation

Iconix Brand Group Inc. will pay a $250,000 civil penalty to settle Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) and by knowingly collecting, using, or disclosing personal information from children online without first obtaining their parents’ permission, according to the FTC.

Iconix owns, licenses, and markets – both offline and online – several popular apparel brands that appeal to children and teens, including Mudd, Candie’s, Bongo, and OP. Iconix required consumers on many of its brand-specific Web sites to provide personal information, such as full name, e-mail address, Zip code, and in some cases mailing address, gender, and phone number – as well as date of birth – in order to receive brand updates, enter sweepstakes contests, and participate in interactive brand-awareness campaigns and other Web site features, according to the FTC.

.Since 2006, Iconix knowingly collected and stored personal information from approximately 1,000 children without first notifying their parents or obtaining parental consent, according to the FTC’s complaint. On one Web site, MyMuddWorld.com, Iconix also enabled girls to publicly share personal stories and photos online, according to the Commission.

COPPA requires operators of Web sites directed to children under 13 years old that collect personal information from them – and operators of general audience Web sites that knowingly collect personal information from children under 13 – to notify parents and obtain their consent before collecting, using, or disclosing any such information. One requirement of the COPPA Rule is that Web site operators post a privacy policy that is clear, understandable, and complete. He FTC continued.

The Commission’s complaint also charges Iconix with violating both COPPA and the Federal Trade Commission Act by falsely stating in its privacy policy that it would not seek to collect personal information from children without obtaining prior parental consent, and that it would delete any children’s personal information about which it became aware. According to the FTC complaint, Iconix knowingly collected personal information from children without obtaining prior parental consent and did not delete it.

The order also requires the company to delete all personal information collected and maintained in violation of COPPA. The company is required to distribute the order and the FTC’s “How to Comply with the Children’s Online Privacy Protection Rule” to company personnel, according to the FTC.