Hooked On Phonics Gets Hooked - InformationWeek
01:44 PM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Hooked On Phonics Gets Hooked

There's a lesson to be learned about terms-of-service policies from the FTC's recent action against Gateway Learning Co.

In the first enforcement case of its kind, the Federal Trade Commission last month disclosed the settlement of its claims against Gateway Learning Co., which owns Hooked on Phonics, under Section 5 of the FTC Act for misrepresenting its data-collection and -sharing policies. (Section 5 of the FTC Act covers unfair and deceptive practices, as well as consumer fraud, misrepresentation, and false claims.)

Gateway was required to pay a fine of $4,600, the proceeds it received from sharing its users' personal information with marketers. The information shared included personal information about children under the age of 13.

Gateway had a privacy policy in effect at its hop.com Web site from 2000 until June 2003 (known as the "Earlier Privacy Policy"). The Earlier Privacy Policy contained special provisions, under the title of a "Promise of Privacy," relating to (among other provisions):

  • The use of personal information collected about or from its users

  • The use of children's personal information

  • How it would notify site users of any changes in the privacy policy

(These provisions of the text of the privacy policy in effect at the Web site on Dec. 6, 2001, were taken from Exhibit A to the FTC's complaint against Gateway, as it appears at the FTC Web site.)

In April 2003, Gateway began sharing the names, addresses, telephone numbers, and purchasing histories, as well as the ages and genders of the users' children, with marketers for direct-mail and telemarketing purposes without customers' consent. Two months later, on June 20, 2003, a new privacy policy was posted at the Web site (known as the "Later Privacy Policy").

The provision regarding sharing of personal information with third parties was changed, however, to provide that the company would, from time to time, share personal information unless customers expressly ask them not to. (See Exhibit B to the FTC's complaint against Gateway.)

Despite its promise to notify users of any material changes in the company's information, no special notations or notices of the change were provided either at the Web site or via E-mail. A few weeks later, Gateway ceased sharing this information with marketers. On July 17, 2003, Gateway once again changed its privacy policy, this time to include an "updated date" and slightly revised personal-information-use provisions, as well as a new provision omitting any promises as to the use of children's personal information. The new provision relating to children's information excluded previous representations about not sharing personal information about children under 13 years of age. (See Exhibit C to the FTC's complaint against Gateway.)

Specifically, the FTC charged Gateway with:

  • Making false claims when it promised in its Web-site privacy policy not to sell, rent, or loan to third parties consumers' personal information unless it received the consumers' consent, and that it would never share information about children

  • Committing an unfair practice when it attempted retroactively to make material changes to an existing privacy policy to now permit sharing of personal information

  • Committing a deceptive practice by failing to notify its users (as promised in the privacy policy) of these changes

The full FTC release can be accessed here. According to Howard Beales, director of the FTC's Bureau of Consumer Protection, the issue is simple. "If you collect information and promise not to share, you can't share unless the consumer agrees. You can change the rules but not after the game has been played."

What does the decision tell us about changes to privacy policies and terms of service at Web sites? It tells us that if you don't adhere to your promises, the FTC will come knocking on your door. To look at the issue from a legal enforceability standpoint, visit my blog or my Web site.

Return to main story:
"Get Real About Your Terms-Of-Service Agreements"

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll