Privacy & Information Security Law Blog

On September 7, 2022, the Children’s Advertising Review Unit (“CARU”) of BBB National Programs announced its finding that Tilting Point Media, LLC (“Tilting Point”), owner and operator of the SpongeBob: Krusty Cook-Off app (the “App”), violated the Children’s Online Privacy Protection Act (“COPPA”) and CARU’s Self-Regulatory Guidelines for Advertising and for Children’s Online Privacy Protection (“CARU’s Guidelines”). CARU has recommended a variety of corrective actions with respect to Tilting Point’s advertising and privacy practices.

The SpongeBob: Krusty Cook-Off app came to CARU’s attention through its routine monitoring of child-directed content. The App, which features characters from the children’s show SpongeBob SquarePants, is considered a “mixed-audience” child-directed app and, accordingly, is subject to both COPPA and CARU’s Guidelines. As the operator of a mixed audience child-directed app, Tilting Point is required under COPPA and CARU’s Guidelines to ensure either no personal information is collected, used, or disclosed from users under age 13, or that notice is provided and verifiable parental consent is obtained prior to such collection, use, or disclosure.

CARU noted that the App had an age screen but that it did not prevent CARU from using the app as though it was a 10-year-old child, agreeing to Tilting Point’s terms of service and privacy policy, and consenting to the processing of data for the purpose of receiving personalized advertising. Once in the App, nothing prevented CARU  from granting permission to track its activity across other companies’ apps and websites for the purpose of delivering personalized ads. Consequently, CARU determined that Tilting Point violated COPPA and CARU’s Guidelines by failing to provide a neutral and effective age screen to limit users under the age of 13 to content that does not involve the collection, use or disclosure of personal information, or to obtain verifiable parental consent before the collection, use or disclosure of any personal information from children.

CARU further found that Tilting Point violated CARU’s Guidelines by employing tactics that manipulated and deceived children. The App presented multiple automated ads that often appeared upon completion of a game level and could not be stopped or dismissed until users had downloaded the advertised app or watched the entire ad. These video ads often included interactive features that mimicked the app’s gameplay, encouraging players to engage with the ad. Players also were induced to watch the ads with the promise of virtual currency rewards such as more “coins” and “free gems.” CARU determined these ads unduly interfered with gameplay, encouraged excessive ad-viewing by children through deceptive door openers and other manipulative design techniques, required children to download and install unnecessary apps, and often provided unclear and inconspicuous methods for children to exit the ad and return to the game.

As a result, CARU recommended that Tilting Point take the following corrective actions:

• Update its age screening mechanism to allow users to freely enter the month and year of their birth and, use technical measures to prevent a child from entering a different age once they initially submit their age.
• Update its privacy policy to align with COPPA and better reflect its data practices as a mixed-audience site.
• Correct its data collection practices regarding third parties.
• If needed in the future, put in place a verifiable parental consent mechanism before any feature requiring it launches in the app.
• Take concrete steps to make the identifiers and disclosures for ads clear and conspicuous so that engagement with ads will not occur unknowingly.
• Direct its ad networks to make the exit functionality more prominent and obvious to users.
• Work with its ad networks to provide exit functionality to enable users to stop an ad via the first screen that appears when the ad launches.
• Identify and terminate the ad network serving unsafe ads for children and establish safeguards to ensure they do not return.