Bad Hello Kitty? App Accused of Collecting Too Much Data From Kids.

Future Tense
The Citizen's Guide to the Future
Dec. 18 2013 3:21 PM

Bad Hello Kitty? App Accused of Collecting Too Much Data From Kids.

Will curiosity about kid users kill the Hello Kitty app?

Photo by John Sciulli/Getty Images for Children Mending Hearts

Is Hello Kitty our kitteh NSA? The cultishly popular cartoon cat with the big red bow may be tracking kids on their smartphones, in contravention of federal privacy regulations.

A new filing from the Center for Digital Democracy requests that the Federal Trade Commission investigate both Tokyo-based Sanrio Co.’s Hello Kitty Carnival mobile app and the website, which is run by Disney subsidiary Marvel. The CDD believes that the site and app violate the Children’s Online Privacy Protection Act, which requires parental notice and consent before collecting and disseminating the information of children under the age of 13.

The Hello Kitty Carnival mobile app is a free downloadable game in which kids earn virtual coins by running carnival rides, and hosts shows and games about superheroes like Spider-Man and Wolverine. Both collect a whole host of personal, potentially identifying data. According to the CDD, collects personal details from visitors to the site, and tracks them before and after their visit. But the site does not obtain parental consent for this data gathering—required by COPPA for children under the age of 13. Neither does it explicitly notify parents before sharing information with ad and marketing companies like BlueKai, DataXu, Turn, and Google DoubleClick. The site asks rather that users “opt-out” of this sharing, but COPPA requires that this option be automatically turned off.


While Hello Kitty is (oddly?) popular with some adults, its Carnival app is deliberately directed at children, according to the CDD. It’s marketed in the “4+” category on iTunes and as “low maturity” on Google Play. Push notifications are used to remind kids to play, and the promise of coin rewards encourage kids to connect to Facebook through the app. They are also given coins for downloading other apps and for providing an email address—incentives that seem designed to maximize the amount of information children share. The app can even access the mobile devices' photos during the game, which could of course include photos of the kids.* Clueful, an online privacy monitoring service engaged by the CDD to examine the Hello Kitty app, described it as a “moderate privacy risk.”

The CDD’s filing also calls into question the effectiveness of the industry’s self-regulation standards. displays the Children's Advertising Review Unit Kid's Privacy Safe Harbor seal, a child-directed advertising and marketing industry self-regulation standard designed to ensure that sites are compliant with children’s privacy regulations. Clicking on the seal brings up the CARU site, which today states: “We were unable to find an active record for the seal number provided.” However the CDD filing says that in early December the same page declared that the information practices of Marvel Entertainment Inc. had been reviewed and met the standards of CARU Kid's Privacy Safe Harbor Program. CARU could not be reached for comment about the reversal.

To Kathryn Montgomery, a professor at American University and a leader in the original campaign to pass COPPA, the CARU’s change in stance suggests that the safe harbor seal was granted almost automatically, with no real oversight.

“Despite the recent update to COPPA, it seems like companies are continuing with business as usual and engaging in the kinds of data collecting and targeting that are state of the art for adult content,” she told me. She added that CARU may be either unwilling or simply unable to get companies like Marvel or Hello Kitty’s Sanrio to comply with new privacy rules designed to better protect children online.

Correction, Dec. 18, 2013: This blog post originally and incorrectly stated that the Hello Kitty Carnival app asks users to take photos of themselves. The app doesn't do that, but it is able to access mobile devices' photos while in use, which could of course include photos of kids.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Ariel Bogle, a contributor to Future Tense, is an associate editor at New America.



Driving in Circles

The autonomous Google car may never actually happen.

Where Ebola Lives Between Outbreaks

Gunman Killed Inside Canadian Parliament; Soldier Shot at National Monument Dies

Sleater-Kinney Was Once America’s Best Rock Band

Can it be again?

Paul Farmer: Up to 90 Percent of Ebola Patients Should Survive

Is he right?


“I’m Not a Scientist” Is No Excuse

Politicians brag about their ignorance while making ignorant decisions.


The Right to Run

If you can vote, you should be able to run for public office—any office.

In Praise of 13th Grade: Why a Fifth Year of High School Is a Great Idea 

Renée Zellweger’s New Face Is Too Real

  News & Politics
The World
Oct. 22 2014 2:05 PM Paul Farmer Says Up to Ninety Percent of Those Infected Should Survive Ebola. Is He Right?
Continuously Operating
Oct. 22 2014 2:38 PM Crack Open an Old One A highly unscientific evaluation of Germany’s oldest breweries.
Gentleman Scholar
Oct. 22 2014 5:54 PM May I Offer to Sharpen My Friends’ Knives? Or would that be rude?
  Double X
The XX Factor
Oct. 22 2014 4:27 PM Three Ways Your Text Messages Change After You Get Married
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
Brow Beat
Oct. 22 2014 4:10 PM Skinny Mark Wahlberg Goes for an Oscar: The First Trailer for The Gambler
Future Tense
Oct. 22 2014 5:33 PM One More Reason Not to Use PowerPoint: It’s The Gateway for a Serious Windows Vulnerability
  Health & Science
Wild Things
Oct. 22 2014 2:42 PM Orcas, Via Drone, for the First Time Ever
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.