Skip to main content

EchoMetrix Settles FTC Complaint Over Disclosure of Children's Information to Marketers

The Federal Trade Commission (FTC) has reached a settlement with EchoMetrix over charges that it failed to inform parents that information it was collecting about their children would be disclosed to third-party marketers.  The company's website says that EchoMetrix is a publicly traded systems development company that "understands and interprets content on the digital web."

According to its press release, the FTC claimed that EchoMetrix did not adequately disclose to parents that information it collected from its Sentry software program allowing parents to monitor their children's online activities also was being shared with marketers through EchoMetrix's Pulse marketing research program. EchoMetrix also advertised Pulse, a web-based market research software program that it claimed would allow marketers to see “unbiased, unfiltered, anonymous” content from social media websites, blogs, forums, chats and message boards. One source of content available to Pulse users, the FTC alleged, was portions of the online activity of children recorded by the Sentry software.

The FTC charged that EchoMetrix violated federal law by failing to notify parents who subscribed to Sentry that information about their children's online activities would be shared with third-party marketers. "The only disclosure made to parents about this practice was a vague statement approximately 30 paragraphs into a multi-page end user license agreement," the FTC said.

As part of the settlement, EchoMetrix has agreed not to share or use information it has obtained from its Sentry program or any other program for purposes other than allowing registered users to access their accounts. It also requires the company to destroy information it has transferred from the Sentry program to its Pulse database.  The settlement also contains standard reporting and record-keeping provisions to allow the FTC to monitor compliance.

Again, the FTC has made it clear that businesses will be held to the representations that they make to the public in privacy policies and public statements regarding the collection and use of personal data.   In the EchoMetrix case, there was vague language buried in an End User License Agreement that information collected from children using software that was supposed to protect them might be disclosed to third parties.  If you have not checked your online disclosure for more than a year, it's time to do so to ensure that you are adequately informing your end users of what information you collect, how you collect it and how you use it.

David Vladeck, Director of the FTC's Bureau of Consumer Protection was clear in his statement regarding the settlement: "Companies need to make clear disclosures about how they are going to use and share personal information they collect online – even more so when that information relates to children.  In this case – because selling children’s information to marketers is completely contrary to the purpose of the parental monitoring software used to collect it – EchoMetrix agreed to an order that simply prohibits the company from using or sharing Sentry information for other purposes.”

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.