The Center for Digital Democracy described its complaints as revealing a “pattern of disturbing practice that threaten children’s privacy.” The new COPPA rules were “designed to protect children from contemporary data collection practices that track consumers 24/7 on mobile phones and apps,” said CDD executive director Jeff Chester in a statement. “But what we discovered is that the same powerful and pervasive data gathering digital complex is at work on leading kids sites.”
According to the filings, an independent researcher and Clueful, an online privacy monitoring service, found several instances when Marvelkids.com and the Sanrio app collected personal information from users and disclosed it to third parties without getting parental consent.
The Sanrio report listed Tapjoy, MoPub and Flurry as operators that collect children’s personal information from the app. The report acknowledged that the technologists were unable to determine how these third parties use the information, but noted that they could also be held liable for violations if they have actual knowledge of collecting information on a child-directed app.
In response to the report, Flurry provided the following statement: "Flurry’s terms prohibit the use of Flurry Analytics, AppCircle or AppSpot in conjunction with apps directed to kids under 13. Earlier this year Flurry developed a restricted version of Flurry Analytics to help developers who wish to limit data use for whatever reason, and Flurry permits the use of the restricted version of Analytics in apps directed to kids. If an application is directed at children under the age of 13, a developer may only use the restricted version of our Analytics product in connection with that app."