Bad Hello Kitty? App Accused of Collecting Too Much Data From Kids.

The Citizen's Guide to the Future
Dec. 18 2013 3:21 PM

Bad Hello Kitty? App Accused of Collecting Too Much Data From Kids.

Will curiosity about kid users kill the Hello Kitty app?

Photo by John Sciulli/Getty Images for Children Mending Hearts

Is Hello Kitty our kitteh NSA? The cultishly popular cartoon cat with the big red bow may be tracking kids on their smartphones, in contravention of federal privacy regulations.

A new filing from the Center for Digital Democracy requests that the Federal Trade Commission investigate both Tokyo-based Sanrio Co.’s Hello Kitty Carnival mobile app and the website, which is run by Disney subsidiary Marvel. The CDD believes that the site and app violate the Children’s Online Privacy Protection Act, which requires parental notice and consent before collecting and disseminating the information of children under the age of 13.

The Hello Kitty Carnival mobile app is a free downloadable game in which kids earn virtual coins by running carnival rides, and hosts shows and games about superheroes like Spider-Man and Wolverine. Both collect a whole host of personal, potentially identifying data. According to the CDD, collects personal details from visitors to the site, and tracks them before and after their visit. But the site does not obtain parental consent for this data gathering—required by COPPA for children under the age of 13. Neither does it explicitly notify parents before sharing information with ad and marketing companies like BlueKai, DataXu, Turn, and Google DoubleClick. The site asks rather that users “opt-out” of this sharing, but COPPA requires that this option be automatically turned off.


While Hello Kitty is (oddly?) popular with some adults, its Carnival app is deliberately directed at children, according to the CDD. It’s marketed in the “4+” category on iTunes and as “low maturity” on Google Play. Push notifications are used to remind kids to play, and the promise of coin rewards encourage kids to connect to Facebook through the app. They are also given coins for downloading other apps and for providing an email address—incentives that seem designed to maximize the amount of information children share. The app can even access the mobile devices' photos during the game, which could of course include photos of the kids.* Clueful, an online privacy monitoring service engaged by the CDD to examine the Hello Kitty app, described it as a “moderate privacy risk.”

The CDD’s filing also calls into question the effectiveness of the industry’s self-regulation standards. displays the Children's Advertising Review Unit Kid's Privacy Safe Harbor seal, a child-directed advertising and marketing industry self-regulation standard designed to ensure that sites are compliant with children’s privacy regulations. Clicking on the seal brings up the CARU site, which today states: “We were unable to find an active record for the seal number provided.” However the CDD filing says that in early December the same page declared that the information practices of Marvel Entertainment Inc. had been reviewed and met the standards of CARU Kid's Privacy Safe Harbor Program. CARU could not be reached for comment about the reversal.

To Kathryn Montgomery, a professor at American University and a leader in the original campaign to pass COPPA, the CARU’s change in stance suggests that the safe harbor seal was granted almost automatically, with no real oversight.

“Despite the recent update to COPPA, it seems like companies are continuing with business as usual and engaging in the kinds of data collecting and targeting that are state of the art for adult content,” she told me. She added that CARU may be either unwilling or simply unable to get companies like Marvel or Hello Kitty’s Sanrio to comply with new privacy rules designed to better protect children online.

Correction, Dec. 18, 2013: This blog post originally and incorrectly stated that the Hello Kitty Carnival app asks users to take photos of themselves. The app doesn't do that, but it is able to access mobile devices' photos while in use, which could of course include photos of kids.

Future Tense is a partnership of SlateNew America, and Arizona State University.



Talking White

Black people’s disdain for “proper English” and academic achievement is a myth.

Hong Kong’s Protesters Are Ridiculously Polite. That’s What Scares Beijing So Much.

The One Fact About Ebola That Should Calm You: It Spreads Slowly

Operation Backbone

How White Boy Rick, a legendary Detroit cocaine dealer, helped the FBI uncover brazen police corruption.

A Jaw-Dropping Political Ad Aimed at Young Women, Apparently

The XX Factor
Oct. 1 2014 4:05 PM Today in GOP Outreach to Women: You Broads Like Wedding Dresses, Right?

How Even an Old Hipster Can Age Gracefully

On their new albums, Leonard Cohen, Robert Plant, and Loudon Wainwright III show three ways.

How Tattoo Parlors Became the Barber Shops of Hipster Neighborhoods

This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century

Oct. 1 2014 8:34 AM This Gargantuan Wind Farm in Wyoming Would Be the Hoover Dam of the 21st Century To undertake a massively ambitious energy project, you don’t need the government anymore.
  News & Politics
Oct. 1 2014 7:26 PM Talking White Black people’s disdain for “proper English” and academic achievement is a myth.
Buy a Small Business
Oct. 1 2014 11:48 PM Inking the Deal Why tattoo parlors are a great small-business bet.
Dear Prudence
Oct. 2 2014 6:00 AM Can’t Stomach It I was shamed for getting gastric bypass surgery. Should I keep the procedure a secret?
  Double X
The XX Factor
Oct. 1 2014 5:11 PM Celebrity Feminist Identification Has Reached Peak Meaninglessness
  Slate Plus
Behind the Scenes
Oct. 1 2014 3:24 PM Revelry (and Business) at Mohonk Photos and highlights from Slate’s annual retreat.
Brow Beat
Oct. 1 2014 9:39 PM Tom Cruise Dies Over and Over Again in This Edge of Tomorrow Supercut
Future Tense
Oct. 1 2014 6:59 PM EU’s Next Digital Commissioner Thinks Keeping Nude Celeb Photos in the Cloud Is “Stupid”
  Health & Science
Oct. 1 2014 4:03 PM Does the Earth Really Have a “Hum”? Yes, but probably not the one you’re thinking.
Sports Nut
Oct. 1 2014 5:19 PM Bunt-a-Palooza! How bad was the Kansas City Royals’ bunt-all-the-time strategy in the American League wild-card game?