Game Publisher Settles with FTC Over Lapsed CARU Safe Harbor Claims

Last month, Miniclip, SA, a Swiss game publisher with over 1,000 games in its portfolio, settled with the FTC over allegations that it promoted its participation in the Children’s Advertising Review Unit (“CARU”) safe harbor program long after it had been kicked out of that program. The settlement, which did not include a monetary penalty, sets forth compliance and recordkeeping requirements. 

The CARU safe harbor program, which is approved by the FTC, provides special regulatory treatment to its members under the Children’s Online Privacy Protection Act (“COPPA”). On its website, CARU, which is operated by the BBB states, “Program participants who adhere to CARU’s Guidelines are deemed in compliance with COPPA and essentially insulated from enforcement actions by the Federal Trade Commission (FTC).”

 The FTC alleged that Miniclip participated in the safe harbor program from 2009 until 2015 when its participation was terminated. Despite this termination, Miniclip allegedly continued to tout its participation in the safe harbor program from 2015 through mid-2019 on its website and its Facebook games privacy policy page. 

The FTC Commissioners unanimously approved the settlement, but Commissioner Rohit Chopra published a concurring statement to voice his concerns about children’s privacy enforcement and safe harbor programs generally. Commissioner Chopra stated that terminations from such safe harbor programs are rare and, since the events leading to a termination are not shared with the FTC, the commission is often unable to bring an enforcement action targeting the objectionable conduct. As Chopra stated, Miniclip’s termination is shrouded in privacy. However, in a statement to IAPP, CARU Vice President Dona Fraser said terminations occur when there are failures to comply with COPPA or safe harbor guideline and described the process as follows: “Usually there’s a lot of back and forth and we work very hard to find different solutions to help companies comply, but if they insist on maintaining practices that are going to be inconsistent with COPPA or inconsistent with our guidelines, there’s not a lot of wiggle room at that point.”

Commissioner Chopra further stated:

Beefing up oversight of the COPPA Safe Harbor program is just one of many actions the Commission must take to strengthen our approach to protecting children’s privacy. The Commission should also issue orders under Section 6(b) of the FTC Act to further study how companies are collecting, sharing, and monetizing data on children, as we look to modernize our rules and enforcement strategy to root out children’s privacy violations.

Given the FTC’s increasing focus on children’s privacy and Commissioner Chopra’s concurring statement, game publishers and all apps targeting children should be prepared for increased regulatory scrutiny and should routinely reevaluate their compliance with privacy policies and regulations. Future enforcement actions are likely to focus on the actionable conduct rather than mere critiques of publisher’s privacy policies and statements.