Skip Navigation

Close and don't show again.

Your browser is out of date.

You may not get the full experience here on National Journal.

Please upgrade your browser to any of the following supported browsers:

Children's Online-Privacy Violations Alleged Against McDonald's, General Mills, 3 Others Children's Online-Privacy Violations Alleged Against McDonald's, Gener...

This ad will end in seconds
Close X

Want access to this content? Learn More »

Forget Your Password?

Don't have an account? Register »

Reveal Navigation



Children's Online-Privacy Violations Alleged Against McDonald's, General Mills, 3 Others


A screen shot of, cited by advocacy groups for allegedly violating children's online-privacy rules.(Source: Center for Digital Democracy)

A bevy of advocacy groups will file complaints on Wednesday with the Federal Trade Commission accusing five major companies, including McDonald's and Viacom, of violating children’s online privacy rules.

In the complaints, 17 advocacy organizations allege that McDonald's, Viacom, General Mills, Turner Broadcasting Systems, and Doctor’s Associates—which owns the Subway brand—are using websites aimed at children to collect kids’ personal information without parental consent.


At the heart of the complaints are websites that use “refer-a-friend” games or services to encourage children to enter information like e-mail addresses or upload photos, and then provide friends’ e-mail addresses to share the content.

That, the groups say, is a violation of Children's Online Privacy Protection Act, which limits how companies can use and collect children’s information.

“None of the companies subject to these complaints provide sufficient notice of their collection of e-mail addresses from children,” lawyers for the groups argue in documents addressed to FTC. “These companies also do not make any effort to obtain verifiable parental consent prior to collection and use of the children’s e-mail addresses.”


The complaints describe viral marketing efforts and tracking by the companies’ websites, including,,,,, and

At, for example, the documents describe a system where kids are encouraged to upload a photo of themselves to make a music video, then share the video by submitting the names and e-mail addresses of as many as five friends. Those friends then receive an e-mail prompting them to make and share videos of their own.

A spokesman for Nickelodeon, owned by Viacom, would not comment on the specifics of the complaint because the company had not yet seen it, but David Bittler told National Journal that’s sharing service does not record or store any e-mail addresses.

General Mills also argues that "send-to-a-friend" systems are not banned by COPPA as long as the informtion is immediately deleted after the e-mails are sent. COPPA specifies certain exemptions from the requirement, including for one-time use of e-mails.


"If they are saying COPPA does not permit 'send to a friend,' that is not accurate," General Mills spokesman Tom Forsythe said in an e-mail statement to National Journal. "If they are saying General Mills is not following the COPPA-approved procedure, they are simply wrong." He also said his company had not yet seen the complaints as of Tuesday night.

The other companies named in the complaints did not respond to requests for comment.

The letters call on FTC to open investigations into the accusations and order the companies to stop the practices.

Besides asking for formal investigations of possible violations of existing rules, the groups say the practices highlight the need for FTC to update and clarify the 14-year-old rules to account for changes in technology and the fact that children respond to advertising differently than adults.

“Unlike adults, they lack the capacity to make an informed decision as to whether to share a friend’s information because they have no concept of the value of a friend’s e-mail address to a particular company,” the groups argue. “Thus, using children to virally market products to other children online takes unfair advantage of children’s trust and lack of experience.”

Among the changes the agency is considering are revisions to the definition of “personal information” to include geolocation data and persistent identifiers, which are not necessary to the basic function of a computer or website, such as online tracking cookies. 

FTC also is aiming to improve parental notification and consent procedures required by the law. It proposed new ways to obtain verifiable parental consent such as having parents submit electronically scanned signed parental-consent forms and also called for eliminating the use of e-mail to obtain parental consent. 

The complainants include the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, and the Consumer Federation of America, among others.

comments powered by Disqus