Online review giant, Yelp and TinyCo, Inc. (a mobile app developer) both agreed to settle separate FTC charges claiming that they unlawfully collected data from children, which was in violation of the Children’s Online Privacy Protection Act (COPPA).
Yelp was fined a civil penalty of $450,000 while TinyCo, Inc. was fined $300,000.
According to the complaint by the FTC, Yelp collected personal data (name, email address, location, and any information they posted on Yelp) from children without first gaining their parents’ consent from 2009-2013. The complaint alleges that while Yelp asked for a date of birth in their registration process, adequate testing was not performed on their mobile app to make sure that children under the age of 13 would be prohibited from registering.
Aside from forking over that $450,000 penalty fee, Yelp will also be required to destroy any data pertaining to those who registered that stated they were under the age of 13 at the time of registration, except in cases where Yelp is able to prove that the user was in fact over the age of 13.
According to the complaint by the FTC against TinyCo, Inc., the apps developed by the company (Tiny Pets, Tiny Zoo, and Mermaid Resort are some of the few among them) targeted children through their uses of bright colors, animation and child-oriented activities.
The complaint states that, “Through its kids’ apps, TinyCo invites users to provide their email address. TinyCo encouraged users of at least one of its kids’ apps to provide their email addresses in exchange for free in-app currency. TinyCo collected tens of thousands of email addresses through these apps” and also that, “TinyCo was aware that many children used the kids’ apps. In fact, TinyCo has received complaints from many parents whose children under the age of 13 use the kids’ apps. Upon receiving these complaints, TinyCo did not take steps to determine whether it had collected personal information from these children, or, if it had, to delete such information, provide the required notices, or obtain the required parental consent.”
TinyCo, Inc. will be required to delete any data collected from users under the age of 13 in addition to their $300,000 civil penalty.
Both settlements will require Yelp and TinyCo, Inc. to be in compliance with the COPPA requirements moving forward. They will both also be required to submit a compliance report to the FTC a year from now.
So what can business owners learn from this?
“If you offer a site or app not intended for children, then you’re probably better off not asking for age information from users posting reviews. And, if you do, you better make sure the age screen mechanism is working properly. Yelp got into trouble because its registration form had a date-of-birth field and allowed users under 13 years of age to register, apparently due to a glitch. Had they not used a date-of-birth field (which, by the way, is not mandatory under COPPA for general audience sites and apps such as Yelp), then perhaps this issue would never have occurred.
But keep in mind that an age question is not the only way you could be put on notice of a child giving you personal information. If you are monitoring the comments that come in from reviewers and you notice that one of the comments may have been posted by a child (for example, the user says in his/her review, “I’m 11 years old…” or “I’m a kid…”), then you’d have an obligation to delete that review from your records and any personal information (such as name and email address) linked to that user,” says Shai Samet, Founder and President of kidSAFE.
While you want to gain as much insight on your customer base as possible, it is important to only ask for data that you feel is really imperative for you to have in order to best serve your customers. Moreover, it is crucial to make sure you are within the confines of the law.
Note: ReviewInc by default does not collect dates-of-birth as part of the review collection process unless added by the user.
About kidSAFE: The kidSAFE Seal Program is a fast-growing “seal of approval“ program that independently reviews and certifies the safety practices of children-friendly websites and technologies, including kid-targeted game sites, educational services, virtual worlds, social networks, mobile apps, tablet devices, and other similar online and interactive services.