The feds have officially kicked off their hotly anticipated crackdown on IT firms violating the Children’s Online Privacy Protection Act (COPPA).
The first two victims are review site Yelp, which announced on a little noticed blog post yesterday it had settled for $450,000 and admitted it had been collecting names and other identifiers of children in violation of COPPA. Yelp is now faced with the task of making it harder for underage children to register with the site. Yelp chalked up the issue to a bug in its systems.
In a press release that dropped today, the FTC officially announced that in addition to Yelp, it had sued mobile app developer TinyCo for a similar violation. TinyCo settled the charges for $300,000 and agreed to take steps to make sure its protocols were in line with COPPA. While both sums are small drops in the buckets for both companies, the FTC’s moves portend a continued crackdown in a bid to get companies compliant.
“I can tell you there’s very few gaming companies out there that are COPPA compliant. So it should be easier for the FTC to fine them and many others for violating the law,” said AgeCheq founder and chief executive Roy Smith, who has been pounding the drums since April that the feds would soon begin enforcing COPPA.
“In the past, they went after Sony and Disney for millions, and I expect there’s more to come, and it’s likely the fines will fall under the ‘gee whiz’ category for millions,” Smith said.
Indeed, AgeCheq produces frictionless software that helps gamers and mobile app developers, and parents themselves, comply with the law. Smith said business is booming.
Yelp apparently knew it was in violation of COPPA but did nothing to rectify it, the FTC said. Indeed, the FTC asserted that Yelp was collecting personal information from kids between 2009 until 2013 through its mobile app without letting parents know what was going on with their children. The FTC collected information, enough of which was used to cement its case, that Yelp failed to implement what it called a “functional age-screen in its apps.”
COPPA applies to kids 13 and under.
For Yelp, the issue doesn’t end there. The San Francisco-based review site must also scrub from its servers information collected from children 13 and younger at the time they registered for the service. In other words, there’s much more work it has to do.
As for the popular app maker TinyCo, the feds claimed outright the company was targeting children in direct violation of COPPA, marketing its games like Tiny Monsters, Tiny Village, and the Mermaid Resort to youngsters under 13. The FTC said that once inside some of the apps, kids accrued what are called in-game currencies, or virtual goods, that enabled them to move up the games’ ladder. The FTC said TinyCo allowed this to happen while collecting PI’s, or personal identifiers, from kids 13 and younger.
According to the FTC’s release this afternoon:
“In addition to the $300,000 civil penalty, under the terms of its settlement with the FTC, TinyCo is required to delete the information it collected from children under 13. The settlement will also require the company to comply with COPPA requirements in the future and submit a compliance report to the FTC in one year outlining its compliance with the order.”
“The easiest way to avoid COPPA problems is to make sure your game doesn’t gather or capture any information. If you do that, you will have no issues whatsoever. If you want to make money with your game, you either have to run ads or make your game a “toll gate” game,” Smith said.
The FTC’s move against Yelp mirrors the fines it levied against Apple, Google, and Amazon this year. The feds called those cases “family fraud,” in other words, while the intent to charge kids for unauthorized app purchases wasn’t a calculated or malicious act on the part of the companies, it was understood that kids using their parents’ devices were were being charged without adequate notification.