A federal class-action lawsuit charges Disney of illegally spying on children through mobile apps—again!

A federal class-action lawsuit filed in San Francisco accuses Disney of illegally spying on your children through gaming apps

The Walt Disney Company is again being accused of secretly spying on their youngest and most vulnerable customers, collecting their personal information and illegally using and selling that data to advertisers and other unidentified third-parties without parental consent, according to a proposed federal class-action lawsuit filed in San Francisco this week.

It's official: Disney has now become that really creepy guy who spies on your
kids while hiding behind the bushes at the local public park playground

The suit was filed Thursday by Amanda Rushing, a Bay-Area mother in Northern California, on behalf of her child—identified only as "L.L."—who frequently used Disney's gaming apps on various mobile devices.

The suit alleges that Disney's mobile apps are surreptitiously embedded with computer code that grossly violates federal privacy laws protecting children younger than 13 years of age by covertly gathering personal and private information on under-aged users, without parental consent, and using that data for "behavior advertising to children whose profile fits a set of demographic and behavioral traits."

“Most consumers, including parents of children consumers, do not know that apps created for children are engineered to surreptitiously and unlawfully collect the child-users’ personal information, and then exfiltrate that information off the smart device for advertising and other commercial purposes,” the suit alleges.
 

According to the federal lawsuit, Disney knowingly violated the nationwide Children's Online Privacy Protection Act (COPPA), enacted by Congress in 1999, which states software “developers of child-focused apps, and any third-parties working with these app developers, cannot lawfully obtain the personal information of children under 13 years of age without first obtaining verifiable consent from their parents.”

The Walt Disney Company may be the largest online predator of children on the net

The plaintiff of the lawsuit asserts that no such parental consent was ever obtained or even shown to her when her child began playing Disney's gaming app, Princess Palace Pets, before the child was at an age of consent of 13 years of age.

According to the Federal Trade Commission, online services that collect private and personal information or data on users under the age of 13 are required by law to display a privacy policy that is plain to read and easy to understand which divulges the kind of information being collected and what the data collected might be used for.

More importantly, those services must obtain explicit consent from parents in order to then collect private information on under-aged users.

“Plaintiff never knew that Defendants collected, disclosed, or used her child’s personal information because Defendants at all times failed to provide Plaintiff any of the required disclosures, never sought verifiable parental consent, and never provided a mechanism by which Plaintiff could provide verifiable consent,” the class-action lawsuit further alleges. “Defendants’ tracking and collection of L.L.’s personal information without her verifiable parental consent is highly offensive to Ms. Rushing and constitutes an invasion of her child’s privacy and of Ms. Rushing’s right to protect her child from this invasion.”

A Disney spokesperson responded to the class action lawsuit by saying: "Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in court."

Is Mickey Mouse spying on your kids...again?

We love hearing nothing more than a Mickey Mouse interpretation of the law from Disney's legal department.

The COPPA online privacy law of 1999 was first made famous earlier this year in a wildly-popular episode of the HBO comedy cable TV series, "Silicon Valley," entitled, "Terms of Service." (See the two video clips below.)
     

In that episode, a fictitious Silicon Valley start-up app developer, named Dinesh Chugtai, who developed a hot, up-and-coming video-chat app, called PiperChat, targeted primarily to children (and also unwittingly to child predators) learned he could be fined $16,000 per use, for every user under the age of 13 who used his app, for failing to obtain parental consent to collect personal data on the users through the app.
      

At a starting point of a minimum $16,000 fine per violation, Dinesh learns from his lawyer in the episode that, with every use by a child under 13, the federal fines would rack up to a total of $21 billion in damages, effectively bankrupting the company and possibly placing Dinesh personally liable for gross negligence with the possibility of serving prison time.

In reality, however, the fines under COPPA on the books are far more worse than what the cable TV show illustrated as its key plot point.

Since the law was reworked in 2012, fines have now been increased to between $16,000 to $40, 654 per individual violation of the act, which became effective as of August 1, 2016.

This is the very reason why children are not allowed to have a YouTube, Facebook, Twitter, Instagram, Snapchat or any other online account under their terms of services before the age of 13.

Even multi-billion dollar Silicon Valley internet giants like Google, Facebook, Apple, and Twitter are not willing to risk these kinds of exorbitant government fines or lawsuits to get any private or personal data on under-aged children.

Thus, the legal liabilities for the Walt Disney Company to settle this proposed class-action lawsuit may be immense, if not astronomically mind-boggling to grasp.

The plaintiffs to the proposed class-action lawsuit could ask for a strict interpretation of the punitive damages as outlined in the COPPA law for gross misconduct, since Disney had previously violated COPPA in the same manner on at least two different occasions in the past. (See Newsy YouTube video at the top.)

In 2011, the U.S. Federal Trade Commission (FTC) fined Disney's digital subsidiary, Playdom Inc., $3 million after Disney registered about 1.2 million under-aged users without any parental consent for online games.

The FTC lawsuit said that Disney illegally collected children's e-mails, ages and other personal and private information on the users online and disclosed the under-aged users' data to third-party advertisers.

Watch out! Because Big Brother is watching your kids too

Two years later in 2013, the Center for Digital Democracy accused Disney's MarvelKids.com of similar COPPA violations. And in September of 2016, Disney World began scanning fingerprints of children, including those under the age of 13 but primarily from the ages of 3 to 9 without getting consent from parents, using biometric technology known as Ticket Tag Service at its theme parks in Florida, which the company collects personal identifiable information of under-aged children and transmits online as a way to reduce ticket fraud.

While those previous accusations, some of which involved government regulatory actions against the Walt Disney Company which tend to be considerably more lenient than individual lawsuits especially against large, powerful corporations with a lot of political clout, this latest lawsuit may have much more teeth since it will likely get class-action status, and Disney will have to pay the victims a much much larger sum for punitive damages, especially if a large number of victims come forward and can be identified.

If you guesstimate that there are about one million users for one particular Disney gaming app—there are as many as 42 apps named in the suit which have violated COPPA (e.g., AvengerNet, Beauty and the Beast, Perfect Match, Cars Lightening League, Club Penguin Island, Color by Disney, Disney Color and Play, Disney Crossy Road, Disney Dream Treats, Disney Emoji Blitz, Disney Gif, Disney Jigsaw Puzzle!, Disney LOL, Disney Princess Palace Pets, Disney Princess: Story Theater, Disey Store Become, Disney Story Central, Disney's Magic Timer by Oral-b, Disney Princess: Charmed Adventures, Dodo Pop, Disney Build It Frozen, DuckTales: Remastered, Frozen Free Fall, Frozen Free Fall: Icy Shot, Good Dinosaur Storybook Deluxe, Inside Out Thought Bubbles, Maleficent Free Fall, Miles from Tomorrowland: Missions, Moana Island Life, Olaf's Adventures, Palace Pets in Whisker Haven, Sofia the First Color and Play, Sofia the First Secret Library, Star Wars: Puzzle DroidsTM, Star WarsTM: Commander, Temple Run: Oz, Temple Run: Brave, The Lion Guard, Toy Story: Story Theater, Where’s My Water?, Where's My Mickey?, Where's My Water? 2, Where’s My Water? Lite/Where’s My Water? Free, and Zootopia Crime Files: Hidden Object) and the actual numbers are actually much higher than a million users—the award to the plaintiffs could land anywhere between $16 billion to over $40 billion in punitive damages for one app alone in violation of COPPA against the House of Mouse.

You can multiply those damages by 42, if you include each app that similarly violated the federal children's privacy act. The theoretical punitive damages could land anywhere from $672 billion to $1.68 trillion, if the case goes to trial simply on the conservative numbers we assumed.

While we don't believe the Walt Disney Company will be liable for that level of damages because they have powerful lawyers on their side, they nonetheless will be paying a lot more than they had previously settled for because this lawsuit will likely be granted class-action status on a very large number of under-aged victims.

The problem that caused the fictional Dinesh Chugtai's legal woes in the episode of "Silicon Valley" is exactly the same as the Disney case. Disney never placed any explicit terms of services for their apps which attempted to notify parents or get their consent to collect personal information on their children.

   

Unfortunately for Disney, you have to get both because children that young are considered too vulnerable and incapable of giving that kind of consent themselves online, and most importantly of all, this was not the first time that Disney got caught for this exact same offense, so that makes Disney much more grossly in violation of COPPA this time around.

       

        

 Sources: 

• NY Daily News: Disney sued for allegedly compromising children’s privacy (8/11/17)
• UPI: Lawsuit: Disney gathered private info from children via game apps (8/10/17)
• PC Magazine: Lawsuit Claims Disney Is Violating COPPA, Tracking Kids in 42 Apps (8/10/17)
• Vibe: Disney Is Being Sued For Collecting Personal Data From Young App Users (8/10/17)
• Inquistr: DISNEY SMARTPHONE APPS ‘ARE SPYING’ ON CHILDREN LAWSUIT ALLEGES: SEE THE LIST INCLUDED IN SUIT (8/10/17)
• Good Housekeeping: These Popular Disney Apps Are Spying on Your Kids, a New Lawsuit Claims (8/09/17)
• NY Post: Disney is spying on your kids through gaming apps: suit (8/09/17)
• Salon: Big Brother Mickey: Class-action lawsuit alleges Disney spied on children through several apps (8/09/17)
• Verge: Disney sued for allegedly spying on children through 42 gaming apps (8/09/17), with lawsuit
• Fox News: Disney apps spying on children, lawsuit claims (8/09/17), with video
• Newsday: 42 Disney apps spying on your kids, lawsuit claims (8/08/17)
• Investopedia: Disney Sued for Spying on Kids Through Apps (8/08/17)
• Chicago Tribune: These 42 Disney apps are spying on your kids, lawsuit claims (8/08/17)
• MovieWeb: Disney Accused of Illegally Spying on Kids Through Mobile Apps (8/08/17)
• The Daily Beast: Lawsuit: Disney Apps Are Spying on Kids (8/08/17)
• Washington Post: These 42 Disney apps are allegedly spying on your kids (8/07/17), with video
• SF Gate: SF mother's lawsuit: Disney is illegally tracking children through its apps (8/07/17)
• Fox13 Memphis: Lawsuit claims more than 40 Disney apps are spying on kids (8/07/17), with video
• NBC4 New York: Lawsuit Claims Disney Apps Illegally Track Kids (8/07/17), with video
• NBC Bay Area: Lawsuit Claims Disney Apps Track, Collect Kids' Digital Information Illegally (8/07/17), with video
• CBS News: Lawsuit accuses Disney of collecting kids' info on game apps (8/07/17), with video
• KOB4 Albuquerque: Mother sues Disney claiming it spies on children through apps (8/07/17), with video
• Breitbart: Lawsuit Accuses Disney of Violating Children’s Online Privacy Protection Act (8/04/17)
• Gizmodo: Lawsuit Claims Disney Spied on Kids Playing Mobile Games and Sold Info to Advertisers (8/04/17)
• The Hollywood Reporter: Disney Accused of Illegally Tracking Children Via Apps in New Lawsuit (8/04/17)
• Amanda Rushing and her child "L.L." vs. The Walt Disney Company, et.al (8/03/17)
• Forbes: The Truth About Dinesh Chugtai's $21 Billion COPPA Violation Fine (5/02/17)
• COPPA Law Attorney: New COPPA Penalties - Dramatic Increase To $40,000 Per Violation (7/08/16)
• VentureBeat: Big data, little kids, and the parents in between (4/08/14)
• U.S. Federal Trade Commission: Operators of Online "Virtual Worlds" to Pay $3 Million to Settle FTC Charges That They Illegally Collected and Disclosed Children's Personal Information (5/12/11)
• U.S. Federal Trade Commission: Children's Online Privacy & Protection Act (COPPA)