Last year, the Associated Press reported that EchoMetrix Inc.’s Sentry and FamilySafe software, sold to allow parents to monitor kids’ online activities, can “read private chats conducted through Yahoo, MSN, AOL and other services, and send that data back to the company. The information is then offered to businesses seeking ways to tailor their marketing messages to kids.” There was public resistance to the practice and people began looking into the company’s products. In September, New York Attorney General Andrew Cuomo announced that the state has negotiated “a settlement that stops the software company Echometrix from gathering information from children’s private online conversations and offering it to paying marketers.”
Now, the Federal Trade Commission has reached a settlement with Echometrix concerning the company’s surreptitious collection and sale of children’s data. The FTC said:
EchoMetrix sells its Sentry software to parents to allow them to monitor their children’s online activities. When Sentry is installed on a computer, parents can log in to their Sentry account and view the activity taking place on the target computer, including chat conversations, instant messaging and the web history.
According to the FTC, EchoMetrix also advertised Pulse, a web-based market research software program that it claimed would allow marketers to see “unbiased, unfiltered, anonymous” content from social media websites, blogs, forums, chats and message boards. One source of content available to Pulse users, the FTC alleged, was portions of the online activity of children recorded by the Sentry software.
The FTC charged that EchoMetrix violated federal law by failing to adequately disclose to parents, the Sentry subscribers, that it would share the information it gathered from their children through the use of its Sentry monitoring program with third-party marketers through Pulse. The only disclosure made to parents about this practice was a vague statement approximately 30 paragraphs into a multi-page end user license agreement.
To settle this case, EchoMetrix has agreed not to use or share the information it obtained through its Sentry program – or any similar program – for any purpose other than allowing a registered user to access his or her account. The settlement order also requires the company to destroy the information it had transferred from the Sentry program to its Pulse database of marketing information. […]
The settlement also contains standard reporting and record-keeping provisions to allow the FTC to monitor compliance. Complaints filed by both the Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) helped bring this matter to the FTC’s attention.