You might think that only companies that operate websites directed at children need to worry about complying with COPPA, the Children’s Online Privacy Protection Act. A recent case involving Yelp, the online review site, however, shows that websites that aren’t specifically geared towards children need to worry about COPPA, too. Yelp recently reached an agreement with the Federal Trade Commission to settle charges that it had violated COPPA. Yelp agreed to pay $450,000 in civil penalties.
So what happened to bring the wrath of the FTC down on Yelp, every retailer’s favorite review site? The FTC claimed that Yelp had collected personal information from children over a four-year period that began when Yelp’s mobile app launched in 2009. According to the FTC, when users registered with the Yelp site and entered a date of birth showing that they were under the age of 13, Yelp collected the person’s name, e-mail address, and location. COPPA requires that prior to collecting such information from children under the age of 13, a website operator must notify the child’s parent or guardian and get the parent or guardian’s express consent. The FTC claimed that Yelp did not take these actions with respect to thousands of registered users, even though Yelp could tell from the registration information that they were triggering COPPA. The FTC also claimed that Yelp failed to implement or properly test its apps to ensure that children under the age of 13 could not register.
In addition to paying a $450,000 penalty, Yelp agreed to delete the information it had collected about children who had registered, and to comply with COPPA going forward.
Why is the Yelp case important? There are two reasons:
• First, the settlement shows that COPPA applies to mobile apps, in addition to conventional websites.
• Second, the case shows that website and app operators need to worry about COPPA, even if their site or app isn’t directed specifically at children. If your website or app is collecting personal information about users, you need to consider whether some of those users might be under the age of 13. If you are collecting information about children under the age of 13, COPPA applies. So you have two options at this point. You can develop COPPA compliance procedures, or you can implement software tools to block users under the age of 13 from registering and providing personal information.
Follow me on Twitter @PaulHSpitz