The FTC settlement bars future deceptive claims by the company regarding privacy and data security and requires it to implement and maintain a data security program.
The FTC also charged RockYou with collecting information from 179,000 children, which the agency said was a violation of the Children’s Online Privacy Protection Act (COPPA). In the settlement, RockYou agreed to pay a $250,000 civil penalty to settle the COPPA charges.
The FTC alleged that RockYou knowingly collected approximately 179,000 children's email addresses and associated passwords during registration – without their parents' consent – and enabled children to create personal profiles and post personal information on slide shows that could be shared online. The company asked for kids' date of birth, and so accepted registrations from kids under 13, a violation of COPPA.
Whether RockYou can pay the fine remains to be seen. The financial troubled company settled a class-action lawsuit by its users over the breach that resulted in the loss of usernames, passwords, and emails of its 32 million users. The man who filed lawsuit, Alan Claridge, received only $2,000 and his lawyers received $290,000 in the settlement, although RockYou said it was not able to pay the judgment.