The Center for Digital Democracy (CDD) said SpongeBob Diner Dash collected children’s email addresses without parental consent. SpongeBob SquarePants rights-holder Nickelodeon has pulled the game from the App Store in response to the complaint, but denies allegations that it broke children’s online privacy rules.
The Washington D.C.-based CDD has asked the Federal Trade Commission (FTC) to investigate the privacy practices of both Nickelodeon and mobile game-maker PlayFirst. In a statement, the advocacy group said:
“The SpongeBob Diner Dash game asks children to provide a wide range of personal information, including full name, email address, and other online contact information, without providing notice to parents or obtaining prior parental consent, as required by the Children’s Online Privacy Protection Act. Nor does the app provide an adequate description of the personal information it collects or how it is used.”
The CDD argues that such practices breach the Children’s Online Privacy Protection Act (COPPA). It said that the free-to-download SpongeBob Diner Dash employs unique device identifiers (UDIDs), technology that allows companies to send tailored messages to individual children in the form of “push notifications” that require online contact information. Under COPPA regulations, such data is considered to be personal information.
Laura Moy, a lawyer representing the CDD, said:
“It is disturbing to learn that a well known children’s brand such as Nickelodeon is flouting basic privacy protections for children. Even more troubling, Nickelodeon tells parents that it complies with the law protecting children’s privacy when it does not.”
Nickelodeon has conducted an initial investigation of the app, and says no names or email addresses have been collected. In the words of the company:
“We believe that no violation of COPPA occurred.”