HACKENSACK, N.J. - New Jersey on Wednesday accused a Los Angeles mobile-application company of collecting personal information from children who download their educational games, then transmitting it to a third-party company without notifying the children's parents or obtaining their consent.
In a lawsuit filed in federal court in New Jersey, the Division of Consumer Affairs alleges that the company, 24x7digital, violated the federal Children's Online Privacy Protection Act.
"Mobile devices can capture and transmit a wealth of personal information about users, including their identities and even their geographic location. When we find that companies are using this ability to transmit information about children without their parents' knowledge or consent, we will take immediate action," Attorney General Jeffrey S. Chiesa said.
The company is the developer and operator of the "Teach Me" apps for the iPhone, iPad and iPod Touch. The apps include educational games called "TeachMe: Toddler," "TeachMe: Kindergarten," "TeachMe: 1st Grade" and "TeachMe: 2nd Grade." The games are all among the 35 best-selling applications available in the education category of Apple's App Store, state officials noted.
"We appreciate the educational component of these apps," said Eric T. Kanefsky, acting director of the DCA, "but under no circumstances is it acceptable to transmit identifying information about toddlers or first- and second-graders without the informed consent of their parents."
Children who use the "TeachMe" apps are encouraged to provide their names and a picture of themselves when creating player profiles. DCA investigators found that the apps allegedly transmitted personal information including the first and last names provided by users, as well as the unique device identification number that identifies the specific mobile device a player is using to a third-party data analytics company.
That practice, the state alleges, violates COPPA, passed by Congress in 1998 in response to concerns that commercial websites were collecting and disseminating the personal information on children without disclosing that activity and obtaining parental consent.
A DCA spokesman, Neal Buccino, emphasized that, as far as the division knows, 24x7digital did not transmit any of the children's photos to the third-party company.
"We're not alleging anything about the company that received the information," he added.
But the lawsuit doesn't specify what the other company San Francisco-based Flurry Inc. does with the information. According to its website, one of Flurry's services is to analyze data for its clients' own use. That leaves open the possibility that the children's personal information is analyzed and then returned to 24x7digital.
Phone calls to the principals and offices of the companies were not returned Wednesday.
An executive of a Boston non-profit that focuses on protecting children from being targeted for commercial purposes said he's still concerned if, in fact, the information was collected in the first place without parental consent.
"We're relying on the company's good faith," said Josh Golin, associate director of the Campaign for Commercial-Free Childhood. "Even if they're using it for benign purposes, there's potential for abuse down the road."
Golin added that one of the reasons COPPA was enacted was to ensure that companies are open about what they do with information gathered from children.
"The fact that we have to be sitting here speculating about what they're doing with the information is a problem in itself," he said.