18:57, August 05 369 0 law.com

2017-08-05 18:57:04
Disney, App Partners Hit With Suit Under Child Privacy Law

SAN FRANCISCO — The Disney Princess Palace Pets app allows children to play with, bathe and accessorize about 10 different virtual pets. Sounds innocent enough.

But according to a new lawsuit, The Walt Disney Co. and its software partners are illegally using the app—and dozens of others aimed at kids—to track the online activity of youngsters to serve them targeted ads. Disney and three software companies were hit with a class action complaintThursday claiming Princess Palace Pets violates a federal law designed to protect children’s privacy while online.

Lawyers at Carney Bates & Pulliam and Lieff Cabraser Heimann & Bernstein filed the suit on behalf of a San Francisco woman whose daughter uses the app. The suit claims Disney’s software partners—Upsight Inc., Unity Technologies SF and Kochava Inc.—harvested personally identifiable information from players under the age of 13 in violation of the Children’s Online Privacy Protection Act, or COPPA. The suit seeks unspecified damages and an injunction barring further violation of COPPA, the 1999 federal law that requires online services to get parental permission before collecting identifying information of anyone younger than 13.

Disney officials did not respond to a message seeking comment Friday. The company previously agreed to pay $3 million in May 2011, the largest COPPA penalty to date, to settle charges the Federal Trade Commission brought against its gaming subsidiary Playdom Inc.

In the complaint filed Thursday, plaintiffs claim Disney allows its technical partners to install their own proprietary code—so-called “software development kits” or SDKs—within Disney’s gaming apps. According to the complaint, although that code doesn’t track traditional identifiers like names, email addresses or Social Security numbers, it does detect persistent identifiers such as the unique numbers associated with a particular mobile device.

“These persistent identifiers allow SDK providers to detect a child’s activity across multiple apps and platforms on the internet, and across different devices, effectively providing a full chronology of the child’s actions across devices and apps,” wrote Hank Bates of Carney Bates and Michael Sobol of Lieff Cabraser. “Permitting technology companies to obtain persistent identifiers associated with children exposes them to the behavioral advertising (as well as other privacy violations) that COPPA was designed to prevent.”

The suit seeks to certify a class covering about three dozen states to bring invasion of privacy claims. It also seeks to certify a California subclass to pursue claims under the state’s constitutional right to privacy.

Neither Bates nor Sobol responded to messages Friday.