"SpongeBob Diner Dash" has been removed from Apple's iTunes app store following a complaint that the free game for kids collected their personal information without asking permission.
"We elected to pull the app temporarily while we investigate the complaint," a spokesman for Nickelodeon told NBC News Tuesday.
The Center for Digital Democracy, a non-profit advocacy group that addresses Internet and broadband issues, filed a complaint Monday with the Federal Trade Commission, asking it to investigate and take action against Nickelodeon and mobile game maker PlayFirst for violating the Children's Online Privacy Protection Act with the game "SpongeBob Diner Dash."
The game — which has been downloaded 10 million times for iPhone and iPad according to PlayFirst's blog — asks children to provide "a wide range of personal information, including full name, email address and other online contact information, without providing notice to parents or obtaining prior parental consent, as required" by COPPA, says the Center for Digital Democracy.
COPPA, which requires commercial websites to obtain parental permission before collecting the personal info of any user under the age of 13, was passed by Congress in 1998 — long before mobile apps came into being. The FTC and other organizations want the law to be updated to reflect the smartphone and tablet realities of 2012.
Earlier this month, the FTC issued a second report about mobile apps and children's privacy, comparing a new survey of kids' apps with its 2011 study, taking Apple, Google and app developers to task. The commission said there was "little progress toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it."
On Monday, a representative from Viacom-owned Nickelodeon, speaking for both the youth-targeted broadcaster and its development partner in the SpongeBob game, told NBC News that the companies were "just made aware of this complaint," and were looking into it.
In the complaint, and in a statement, the Washington D.C.-based Center for Digital Democracy contends that "SpongeBob Diner Dash" uses "mobile marketing technologies such as unique device identifiers (UDIDs) and 'device tokens,' which enable companies to send custom messages to individual children in the form of 'push notifications.'"
Such forms of online contact information "are considered personal information under current COPPA rules," the center says.
“It is clear that this is not an isolated incident,” said Jeff Chester, the center's executive director said in the statement. "As the FTC report last week on children’s mobile apps revealed, this industry is not taking seriously its obligations under COPPA. The commission needs to step up its enforcement actions and adopt new rules that will address the growing threats to children’s privacy in the expanding mobile marketplace."
Update: 6:55 p.m. ET Wednesday: Nickelodeon said Wednesday that after a "thorough review" of the app, "we can confirm that no names, email addresses or other personally identifiable information were collected, and, therefore, we believe that no violation of COPPA occurred." The company said it plans to resubmit the app to Apple's App Store again. "Nickelodeon has long prided itself as being a leader in COPPA compliance, and we are looking forward to maintaining that leadership position in the industry," a company spokesman said.