The operator of social game site RockYou has agreed to settle charges that it failed to protect user privacy, allowing hackers to access the e-mail addresses and e-mail passwords of 32 million users, including children.
According to the Federal Trade Commission, many consumers used RockYou to make slide shows from their personal photos. To save the slides, they had to enter an e-mail and e-mail password.
The Children's Online Privacy Protection Act Rule requires that website operators notify parents and obtain consent before they collect, use, or disclose personal information from children under 13. The FTC alleged that RockYou knowingly collected approximately 179,000 children's email addresses and passwords during registration, without their parents' consent. The company asked for childrens' date of birth, and so accepted registrations from children under 13.