There are two new fines out for companies that improperly collected information about children. TinyCo and Yelp both settle the charges with fines of $300k and $450k, respectively. The press release by the Federal Trade Commission regarding the reasons and fines went out a couple of days ago (September 17).
What happened and how can you avoid fines like these?
COPPA requires that companies collecting information about children under 13 online follow a number of steps to ensure that children’s information is protected. The main steps are disclosure and consent from parents. There’s an earlier post here on the blog that dissects the various steps of COPPA compliance for mobile apps.
The actual privacy policy is only a small part of the compliance process.
About Yelp
Yelp collected personal information about kids even though they verifiably knew about their users age and that they had kids under the age of 13 signed up. Here’s a summary of the complaint:
The FTC’s complaint alleges that Yelp failed to follow the COPPA Rule’s requirements, even though it knew – based on registrants’ birth dates – that children were registering for Yelp through the mobile app. According to the complaint, Yelp failed to implement a functional age-screen in its apps, thereby allowing children under 13 to register for the service, despite having an age-screen mechanism on its website. In addition, the complaint alleges that Yelp did not adequately test its apps to ensure that users under the age of 13 were prohibited from registering.
About TinyCO
TinyCo, the creators of games like Tiny Pets, Tiny Zoo, Tiny Monsters, Tiny Village and Mermaid Resort, were fined based on the fact that these games were in reality directed at children under 13 through their use of themes appealing to children, brightly colored animated characters and simple language.
The games partly collected email addresses, including those from 13 year olds. The FTC had this to say:
The FTC’s complaint alleges that the company failed to follow the steps required under the Rule related to the collection of children’s personal information.
The message is clear. The FTC is trying to make an example out of companies that don’t follow the rules imposed on developers by COPPA. Compliance is a fair amount of work, but there are tools out there that help you out.
iubenda can help you out with a well written privacy policy and other companies help with consent systems that you can incorporate into your app. Two by the FTC approved companies are,
