Although Toysmart.com is now free to sell its online customer database in a bankruptcy asset sale, just who will be willing to step into the harsh limelight surrounding Toysmart’s demise and pick up its customer list remains to be seen.
The sale is subject to numerous restrictions outlined in a settlement agreement reached late Friday between the failed dot-com and the U.S. Federal Trade Commission (FTC). Under the agreement, Toysmart’s customer information can only be sold to a company doing business in a “related market” that agrees to be bound by Toysmart’s policies and buys all of the e-tailer’s assets, not just the list.
The company must also agree to become Toysmart’s “successor-in-interest,” meaning the new company will have to “step into the shoes” of the old company. To most business people, stepping into Toysmart’s shoes sounds an awful lot like walking into a brewing thunderstorm of lawsuits from disgruntled employees and angry customers — not to mention federal regulators and privacy advocates.
Looking for Approval
Although Toysmart.com is out from under the cloud of uncertainty created by the FTC complaint, the bankruptcy court must still approve of any sale of its assets. So, whoever wants to buy the customer list and everything else left at Toysmart will have to go through bankruptcy court. In the event that the bankruptcy court does not approve the sale of the customer database within the next year, Toysmart must delete or destroy all of its customer information.
Before the FTC stepped in, Toysmart was looking for anyone to buy its assets — including its customer database, inventory, warehouse fixtures and equipment, domain name and Web site source code — piece by piece or as a whole. The company was owned primarily by the Walt Disney Company, which is carefully monitoring the bankruptcy.
Although the Toysmart asset sale is now “a package deal,” many observers are wondering why the FTC did an about-face on its decision earlier in the month to aggressively enforce Toysmart’s promise to never sell its customers names and preferences to third parties. When the FTC filed its suit against Toysmart on July 10th, the agency announced that it would ensure that the company’s promises to e-tailers would be kept.
“Toysmart promised its customers that their personal information would never be sold to a third party, but the agreement in fact would allow a sale to a third party. In my view, such a sale should not be permitted because ‘never’ really means never,” said Commissioner Orson Swindle.
The Commission vote to approve the settlement was 3-2, with Commissioners Sheila F. Anthony and Orson Swindle voting against it.
New E-tailer, Same as the Old E-tailer
The settlement came just two weeks after the agency filed a complaint in federal court to block Toysmart.com from selling its customer data after the company stopped taking orders. Even though the FTC has now given its go-ahead for the sale of the customer database, the sale is so tightly restricted that industry analysts believe Toysmart’s customers are in nearly the same position as they were before the company went under.
If and when it is sold, the customer data will still be held in confidence by an online toy retailer and will be not shared with third parties such as direct marketers. Similar sales of trade secret customer lists are often completed by brick-and-mortar companies that have not made overly ambitious privacy promises when collecting customer information. In the traditional retail environment, consumers are accustomed to having their names and purchase decisions sold to successor companies and direct marketers alike.
Buyer Beware, Children At Risk
So why is it unlikely that one of the big toy e-tailers will bid on the Toysmart customer list? The list does offer nearly a quarter million customer names. But while that would be a welcome one-day addition to any e-tailer’s traffic report, it is not known how many of those customers will transfer their loyalty to another online toy store.
Moreover, Toysmart’s list is tainted with allegedly unlawful data collected from children. In the first case brought under the Children’s Online Privacy Protection Act (COPPA), the FTC amended its case against Toysmart late Friday, charging the company with collecting personal data from children in violation of the new law.
The COPPA regulations went into effect on April 21st, and while Toysmart went out of business in May, the company is accused of violating the privacy rights of its underage visitors in the short window it had to do so before closing shop. COPPA requires that operators of commercial Web sites and online services directed to children under 13 — as well as general audience sites that know that they are collecting personal information from children — obtain parents’ consent before personal information is collected from their children.
Toysmart allegedly collected names, e-mail addresses, and ages of children under 13 without notifying parents or obtaining parental consent.
Thus, any company that buys the list will have to carefully look at each entry and delete all data relating to children and then hope that the parents who signed on and got sold out will return to buy merchandise from somebody new.
Still, even if the list is culled at minimal expense — and accurately, at that — the negative publicity surrounding a toy company that failed to protect children is likely to drive even the most visitor-hungry buyer away.