The U.S. Federal Trade Commission (FTC) recently announced a $1 million settlement with Sony BMG Music Entertainment (Sony Music) to resolve charges that Sony Music violated the Children’s Online Privacy Protection Act of 1998 (COPPA).  The FTC Complaint alleged that Sony Music improperly collected, maintained, and disclosed personal information from thousands of children under the age of 13 on certain Sony Music websites, without their parents’ consent. 
COPPA and its implementing rule prohibit the unauthorized or unnecessary collection of children’s personal information online by operators of commercial websites or online services.  COPPA rules describe website operators’ general obligations to protect childrens’ privacy and safety online, set out the information that website operators must include in privacy policies, and provide guidance about when/how website operators must notify parents regardling collection/consent to disclosure of childrens’ information.
The FTC Complaint alleged that Sony Music operated over 1,100 music-related websites that collected registration data and personal information from individual users, including several websites that collected personal information from at least 30,000 underage children, without first obtaining parental consent.  The Sony Music websites had social networking features allowing the children to interact with other Sony Music users.  The FTC contended that Sony Music:  failed to provide sufficient notice on its websites of what information it collected online from children, how it used the information, and related disclosure/content practices; failed to provide direct notice to parents of such information practices; failed to obtain verifiable parental consent before collecting, using, and/or disclosing childrens’ information; and failws to provide a reasonable means for parents to review the childrens’ personal information and to refuse to permit its further use or maintenance.  The FTC Complaint further charged that Sony Music’s online privacy policy falsely represented that users under the age of 13 would be restricted from participating in certain online activities, when no such bar apparently existed.
The Consent Decree entered by the U.S. District Court for the Southern District of New York on December 15, 2008 provided some significant remedies.  In addition to the $1 million civil penalty, Sony Music was prohibited from violating any provision of the COPPA Rule, required to delete all personal information collected and maintained in violation of COPPA, required to distribute the FTC’s publication How to Comply with the Children’s Online Privacy Protection Rule to its personnel, must link to FTC consumer education materials, and must comply with detailed compliance, reporting, and record-keeping requirements under COPPA.  The Consent Decree also addresses the social network aspect, in that Sony Music must include links to the social networking section of the FTC’s onguardonline website on any Sony Music site that allows users to create publicly-viewable profiles
The FTC Complaint is not a finding or ruling that Sony Music actually violated the law, and the Consent Order is for settlement purposes only and do not necessarily constitute an admission by the defendant of violation of any law.