News
Commentary
7/28/2004
01:44 PM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Hooked On Phonics Gets Hooked

There's a lesson to be learned about terms-of-service policies from the FTC's recent action against Gateway Learning Co.

In the first enforcement case of its kind, the Federal Trade Commission last month disclosed the settlement of its claims against Gateway Learning Co., which owns Hooked on Phonics, under Section 5 of the FTC Act for misrepresenting its data-collection and -sharing policies. (Section 5 of the FTC Act covers unfair and deceptive practices, as well as consumer fraud, misrepresentation, and false claims.)

Gateway was required to pay a fine of $4,600, the proceeds it received from sharing its users' personal information with marketers. The information shared included personal information about children under the age of 13.

Gateway had a privacy policy in effect at its hop.com Web site from 2000 until June 2003 (known as the "Earlier Privacy Policy"). The Earlier Privacy Policy contained special provisions, under the title of a "Promise of Privacy," relating to (among other provisions):

  • The use of personal information collected about or from its users


  • The use of children's personal information


  • How it would notify site users of any changes in the privacy policy

(These provisions of the text of the privacy policy in effect at the Web site on Dec. 6, 2001, were taken from Exhibit A to the FTC's complaint against Gateway, as it appears at the FTC Web site.)

In April 2003, Gateway began sharing the names, addresses, telephone numbers, and purchasing histories, as well as the ages and genders of the users' children, with marketers for direct-mail and telemarketing purposes without customers' consent. Two months later, on June 20, 2003, a new privacy policy was posted at the Web site (known as the "Later Privacy Policy").

The provision regarding sharing of personal information with third parties was changed, however, to provide that the company would, from time to time, share personal information unless customers expressly ask them not to. (See Exhibit B to the FTC's complaint against Gateway.)

Despite its promise to notify users of any material changes in the company's information, no special notations or notices of the change were provided either at the Web site or via E-mail. A few weeks later, Gateway ceased sharing this information with marketers. On July 17, 2003, Gateway once again changed its privacy policy, this time to include an "updated date" and slightly revised personal-information-use provisions, as well as a new provision omitting any promises as to the use of children's personal information. The new provision relating to children's information excluded previous representations about not sharing personal information about children under 13 years of age. (See Exhibit C to the FTC's complaint against Gateway.)

Specifically, the FTC charged Gateway with:

  • Making false claims when it promised in its Web-site privacy policy not to sell, rent, or loan to third parties consumers' personal information unless it received the consumers' consent, and that it would never share information about children


  • Committing an unfair practice when it attempted retroactively to make material changes to an existing privacy policy to now permit sharing of personal information


  • Committing a deceptive practice by failing to notify its users (as promised in the privacy policy) of these changes

The full FTC release can be accessed here. According to Howard Beales, director of the FTC's Bureau of Consumer Protection, the issue is simple. "If you collect information and promise not to share, you can't share unless the consumer agrees. You can change the rules but not after the game has been played."

What does the decision tell us about changes to privacy policies and terms of service at Web sites? It tells us that if you don't adhere to your promises, the FTC will come knocking on your door. To look at the issue from a legal enforceability standpoint, visit my blog or my Web site.

Return to main story:
"Get Real About Your Terms-Of-Service Agreements"

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 23, 2014
Intrigued by the concept of a converged infrastructure but worry you lack the expertise to DIY? Dell, HP, IBM, VMware, and other vendors want to help.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.