COPPA Violations – Be Careful What You Ask For

James Chiodo, Certified Information Privacy Professional CIPP/US

Privacy is a global concern right now, but nothing is more sensitive than the subject of privacy and safety for children on the Internet. That’s why COPPA (Children’s Online Privacy Protection Act) is in place.

Now before you say, “Our website isn’t for kids,” and stop reading, let me give you an example that shows every website needs to be concerned about the information they collect when it comes to COPPA, and not just sites that are specifically for children.

An Example of COPPA Violation by a Non-Child-Oriented Website

Most people are familiar with Yelp, even if they have never personally used it. It’s a website that lets you review local businesses and read the reviews of others to help you make consumer decisions. Also, if you are at a particular business listed on the site, you can click a “check in” button that lets people know you are presently at the establishment. Obviously, use of the site is intended for adult consumers and not little kids.

When online, Yelp requires a person to be over the age of 13 when they sign up as a member. This was an important company policy because the information that they collect would be in violation of COPPA if they had members age 13 or under. How did the system weed out minors? By asking for a birthdate. Obviously, it’s entirely possible for a kid with a computer at home to lie about their age, but that wasn’t the real concern. The problem was that even if a person entered an age of 13 or less, the filter didn’t work and allowed them access to the full site anyway.

The other problem was that Yelp’s mobile service automatically collected information from the mobile device it was used from. That includes the mobile devices of children who download the app. According to the FTC, Yelp violated COPPA starting in April 2009 when the mobile apps were released, and the problem was not fixed until April of 2013. This includes both the Android and iOS versions of the Yelp application.

Here’s the part you will want to pay particular attention to. The settlement cost Yelp nearly half a million dollars. Let’s discuss how to protect your company when it comes to COPPA violations.

How to Avoid Violating COPPA

The first step is to recognize that you can violate COPPA without having a website that is geared directly toward children. If your site seems like something kids may be interested in, then the FTC can view it as “targeted to children.” Kids love music and videos. They love anything that is animated. They are drawn to sites that feature pictures of children their age.

Children don’t have to be your primary audience. If your site has any sort of appeal to children and doesn’t actively stop kids from using the site, then it can be viewed as “targeted to children” and subject to COPPA policies.

It’s very important that your company takes a close look at your apps, and the kind of data that they collect. Privacy is vital when it comes to apps that are used by children. You may not even know the full extent of what your app tracks if a third party was hired to develop the app. That is no excuse as far as the FTC and COPPA are concerned. It’s your app, and you are responsible for the data that it collects, regardless of who coded it for you.

Finally, you need to be careful what you ask for. Then you need to use that information in the right way. For example, if you ask for an age to enter your website or to register as a member, you have to act on the data that is entered. If you say that children 13 and under are restricted from use, but then the filter doesn’t actually stop them from using the site, there really isn’t an age restriction.

A policy has to be in place to ensure that children aged 13 and under are not sharing information with your company without parental consent. Then you must act on that policy by not allowing children to sign up or use the full version of the site.

Is It Time for Your Company to Think About COPPA?

Hopefully, you took the time to read this complete article even if you originally had no concerns over COPPA policy. If you now realize that this information applies to you, make adjustments immediately to become compliant. If you are starting a new company, be sure to think about COPPA when you are developing your site, determine the type of media found on it, and coming up with policies to avoid collecting data from children.

Finally, if your company is developing a new app, or already has one, make sure that it does not violate COPPA. Remember, your company is ultimately responsible if a child is in any way encouraged to use your site and provide personal information, even if that is not the company’s intention.

New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More