On September 8, 2011, the U.S. District Court for the
Northern California entered a Consent Decree and Order for Civil Penalties,
Injunction and Other Relief against a mobile apps developer, W3 Innovations
LLC, and its owner, Justin Maples.
There are several commentaries about this that immediately jump to mind. First,
the enforcement action was brought by the Federal Trade Commission ("FTC")
against the corporate entity, W3 Innovations LLC, and personally against its
officer and owner Justin Maples. This poses a question about the limited
liability protection of a corporate entity and why it was pierced in this case.
Second, this action is the first FTC action against mobile apps developers, and
it sends (or at least should send) a strong message to the whole developers
community. Third, in my opinion, this situation could have been avoided if
Justin Maples retained a good intellectual property lawyer before launching the
apps (a good IP lawyer should be familiar with the Children's Online Privacy
Protection Act ("COPPA")). Many start-up owners avoid extra costs by not
consulting attorneys, but expose themselves to large financial risks later on.
Most often, as in this case, such risks could easily be avoided.
COPPA requires that website operators notify parents and obtain their prior
consent before collecting children's personal information. COPPA also requires
According to the FTC press release and the Consent Decree, each available here
http://www.ftc.gov/opa/2011/08/w3mobileapps.shtm), the FTC charged the
defendants with violating COPPA by illegally collecting and disclosing personal
information from thousands of children under age 13 without their parents'
consent. In fact, there were over 50,000 downloads of the games that collected
personal information. As part of settlement, the defendants agreed to pay a
$50,000 penalty, among other things.
The "Emily" apps developed by W3 Innovations allowed children to create virtual
models and design outfits. The apps then encouraged kids to email "Emily" their
comments and submit blogs via email. The FTC alleged that the defendants
collected and maintained thousands of email addresses of the app users. The
apps also allowed kids to post information, including personal information, on
According to the FTC, the defendants did not disclose their practices and did
not ask for parental consent before they collected, used and disclosed their
children's personal information. Please note that the Consent Decree is a
settlement, and does not constitute an admission by defendants of violation of
There are many lessons to be learned here. For mobile developers and website
owners: please create, review, update and disclose your privacy policies. These
are not just boilerplate documents that can be copied from another site. For
parents: check what games your kids are playing and what are the information
collection practices of every app and every website that your children
Read more commentary from Arina Shulga on the
legal aspects of operating new and growing businesses at Business Law Post.
For more information about LexisNexis
products and solutions connect with us through our corporate site.