McDonald’s, Nickelodeon, and General Mills in trouble for using refer-a-friend tactics with kids

mcdonalds hey kids this is advertisingAccording to the New York Times, McDonald’s, Nickelodeon, and General Mills are among a handful of well-known companies violating the Children’s Online Privacy Protection Act (COPPA). The federal mandate requires these websites obtain parental consent to collect data about visitors under the age of 13, and this has allegedly been ignored by six well known sites that target young users.

The specific sites in question are,, (General Mills),, (also General Mills), and The two most obvious offenders fall under General Mills’ dominion: Both and have prompts on their homepages to invite your friends by entering their e-mail addresses. In some brief hands-on time with the other sites (pro tip:’s Teenage Mutant Ninja Turtle game defies age barriers), requests for e-mail addresses weren’t hardly as front and center, and instead buried between game levels or as tools to unlock new features. The McDonald’s site asked users to upload photos of themselves that were inserted in music videos and then sent to the friends whose e-mail addresses they provided.

reeses and trix tell a friend

The allegations come less than a month after the FTC decided to update COPPA. The law was written nearly 14 years ago, and as we well know, the technological times have changed. It’s much easier to collect user information seamlessly. Proposed new legislation would hold both websites and data brokers responsible for getting parental permissions to track kids online – or pay the price of not doing so. Things are about to get harder for app and browser plug-in developers and the definition of “personal information” is going to come under question.

Naturally, there are a few companies that take issue with the proposed changes, one of them being Facebook. The new rules would affect how the Like button works and collects information, and the FTC will start tightening its grip over how such socially collected data is used for advertising based on it. Facebook actually spent hours back in December making a case for the Like button, saying that without its ability to collect information, users won’t be as actively involved in creating and influencing the online content surrounding them.

The point is moot – at least in theory. Facebook still isn’t open to anyone under the age of 13, though we all know this has hardly stopped young users from creating accounts.

Of course, Facebook and other social networks’ problem with newly tightened COPPA regulations are quite different than what the aforementioned sites and companies are being accused of doing. There’s no mistake that sites like and are entirely targeting users ages 13 and under, and these sites aren’t doing so using under-the-surface means, like the Like button; they’re flat out asking for kids’ friends’ e-mail addresses.

As COPPA develops and the new regulations are enacted (which they should be shortly), there will be much philosophical discussion about how much information is too much information, what the difference between tracking and curating is, and what is advertising and what’s suggested content – all the same unavoidable arguments we run into now that marketing has turned an abrupt and socially-infused corner. But the accused sites in this particular case can’t hide under any of the previously mentioned debates, and you can expect COPPA to adapt and out their methods.