Hoping to pressure the Federal Trade Commission to step up its enforcement of kids' privacy laws, the Center for Digital Democracy filed a complaint against Nickelodeon and PlayFirst's SpongeBob Diner Dash app game.
In the game, children help SpongeBob seat, serve and please customers in five Bikini Bottom restaurants run by the greedy Mr. Krabs.
The complaint filed Monday claims that not only is the privacy disclosure in the Apple iTunes store deceptive but also that the app asks children to provide personal information, including their full name, email address and other online identifying information, without obtaining parental permission as required by the Children's Online Privacy Protection Act (Coppa).
"Nickelodeon tells parents that it complies with the law protecting children's privacy when it does not," said Laura Moy, an attorney with Georgetown Law's Institute for Public Representations, which prepared the complaint for the CDD.
The CDD asked the trade commission to investigate the apps' data collection, privacy notices practices and use of mobile marketing technologies that allow the companies to send custom messages to children.
Nickelodeon said in a statement it was "currently investigating" the complaint.
This is the second FTC complaint filed by the CDD against a kids' app this week. The first involved Mobbles, a game involving virtual pets, which also collected children's personal information without getting parental permission. After the CDD filed its complaint, the company took its app offline to address privacy concerns.
Both examples would seem to support the trade commission's most recent report on mobile kids' apps, which found that most are flunking kids' privacy. Out of the more than 400 kids' apps reviewed by the FTC, nearly 60 percent shared device ID, geolocation or phone numbers with third parties.
While the FTC has brought several enforcement actions against kids' websites for violating Coppa, it has only brought one action against a mobile kids' app.
The FTC is expected this week to vote on updating Coppa regulations to clarify its authority to enforce the law with mobile apps and to expand the definition of personal information.
"Merely stepping up enforcement...will not be enough; the FTC must also follow through with the proposed revisions to the Coppa rule that will clarify child-directed app operators' responsibilities," Moy wrote in the complaint. "The rule should make crystal clear that before app operators may collect a child's name, location data, email address or other contact information, they must find a way to notify the child's parents and ask their permission."