Monday, December 15, 2008

Sony fined 1M for collecting Child Data

Last week I blogged on an article in the Dutch Technology magazine Emerce on a plea to clean personal data from databases in the article "Personal Data Expiry", and today I came across an article with more or less the same implications.

The article reports Sony Music getting fined 1 million dollar for collecting and using personal data of minors without parental permission. As the automated Google translation as usual is kind of crappy, here's my translation of the highlights.

The music company was indicted by the U.S. regulator FTC on tuesday and agreed to a settlement of 1 million dollars on thursday. In this settlement. Sony Music admits that it has violated privacy rules against minors.

Sony Music has collected sensitive personal data without parental consent since 2004. Through 196 websites from artists like Britney Spears and Christina Aguilera the company acquired names, addresses, mobile phone numbers and birth dates from 30.000 children aged under 13. This data was reused at other websites and sometimes even published.

The 1 million dollar fine breaks up into a $33 penalty per child, but it is unclear how much profit Sony makes of minors. The record company now is obliged to have its databases cleared of all unlawfully gained personal data.

In collecting this data Sony has violated the socalled Children's Online Privacy Protection Act (COPPA), a law which must protect children under 13 (ed. probably best known from the Coppa declaration you have to fill in with every forum you register with). All bodies that collect personal information and process it must comply to a fixed set of measures. They are, for example, obliged to do 'a reasonable'
attempt to do the age check.

Sticky thing here is, what do you consider to be a reasonable attempt to verify? We do not have a signing authority for surfers, like we have VeriSign for website owners. You don't have to be really really smart to surf around the web pretty anonymously and spoof whatever data is required. Age Verification, Geoblocking and other protective measures we've put on the web are usually nothing more than a farce, an extra feature to make you feel secure.
  • Read the original article in Dutch here
  • Read the Google translation here.

Labels: , , , , ,


Post a Comment

Links to this post:

Create a Link

<< Home