The New York attorney general’s office has concluded an investigation of some major toy brands, and the findings were rather alarming. In direct violation of the Children’s Online Privacy Protection Act, Viacom, Matel, Jumpstart, and Hasbro were tracking children’s internet use through their popular branded websites in order for their advertisers to benefit.

The affected websites included major toy and entertainment brands that are popular with children under thirteen, including Nickelodeon and Nick, Jr., Spongebob Squarepants, Barbie, My Little Pony, Neopets, and several others.

When young users logged onto these sites, the websites tracked information like their IP addresses, then used that information to target the kids with advertising. While that may seem harmless enough, the law clearly blocks access to kids’ internet behaviors for this kind of purpose.

Targeted online advertising and search tracking get a really bad rap in technology circles. And sure, they can feel like a form of spying when you find out that some faceless company has been monitoring which sites you visit and how long you spend there. But there’s a flip-side to all that monitoring: the ability to target you with advertisements is something keeps the internet affordable and accessible, and presumably makes the online browsing experience better. After all, if the only way to provide a solid browsing experience is to show you ads once in a while, wouldn’t you rather those ads were for products you might actually want? The only way to show you a tailor-made ad is to track what you search for in order to anticipate something you might want and block items you wouldn’t want.

If you conduct yourself online as though others can see your browsing activity—meaning you were made aware of the possibility in the terms and conditions before you opened an account—then a lot of what some people consider “spying” is more like someone taking a quick peek in your grocery cart at the store and writing down which brand of potato chips you like. Then they hand you a coupon for those chips before you check out.

But children are legally off-limits when it comes to this kind of tracking and targeted advertising, and not just because adults don’t want to be pestered with cries for the latest toy. In the case of kids, it’s a hands-off agreement that says we won’t do anything that could lead a predator to a child. By gathering information from these branded websites, a hacker could potentially discover a child’s name, age, gender, and even physical location, and that’s not acceptable. Of course, the law still functions to limit the number of commercials and ads that children see, which is a long-standing recommendation from the American Academy of Pediatrics.

As a result of the investigation and its findings, all of the companies involved were assessed some fines and agreed to strict reforms, namely by improving the vetting and compliance process for hiring outside companies to handle their web traffic. This is a case where those who were investigated have cooperated fully and admitted the wrongdoing in order to move forward in a direction that protects children online.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.