Two recent FTC decisions remind us that with the Children’s Online Privacy Protection Act (COPPA), responsibility always starts with the content and data collection happening on the site and/or mobile app. This includes a “strict liability” standard when it comes to “knowing” whether your audience includes children under 13 years of age, thereby triggering COPPA’s requirements.
The FTC’s recent settlement with TinyCo, an app developer and maker of games like Tiny Pets, Tiny Monsters, and Mermaid Resort, provides some important lessons.
The FTC’s decision against TinyCo also provides some valuable insights into determining whether COPPA applies to a site or app. For instance, the FTC looks at the following factors (among others) to determine whether a site or app is “kid-directed”:
• Subject matter
• Visual content
• Use of animated characters or child-oriented activities and incentives
• Music or other audio content
• Presence of child celebrities or celebrities who appeal to children
But what happens if you are not targeting children through your site’s content or cute little characters, or don’t intend to include children in your target audience? COPPA still applies to “general audience” sites and apps (sites and/or apps not specifically directed to kids), and it also applies to data collection activities across all your sites and apps – as Yelp learned recently.
Yelp knew that children were using its site and mobile app, and had implemented an age gate to screen out users under the age of 13. Unfortunately, the company implemented the age gate incorrectly on its mobile app; as a result, access to Yelp’s app and services was provided irrespective of which age was initially entered in the company’s age gating feature. By doing this, Yelp committed further COPPA no-nos, by collecting device identifiers and location data (both considered personal information under COPPA) without providing the requisite notice, and getting verifiable parental consent.
So what does COPPA require, and what do you, as a site operator or app developer, need to do to comply? Over the next few weeks, we’ll be exploring those questions.
Webinar: Getting Proactive with COPPA
We will kick off the discussion with a webinar next Tuesday, September 30th at 11:00 am pacific. During this session, I’ll host “Getting Proactive with COPPA” – which will focus on:
• How a site or app’s audience, content and other features could trigger COPPA (even if you intend otherwise).
• What to do if COPPA applies to you – with a particular focus on privacy policies, direct notice to parents, and verifiable parental consent.
• Age-gating – and how to do it right.
Since the FTC announced revisions to the COPPA rule last year, much of the focus has been on third-party/plug-in activity on sites and apps. But these recent FTC settlements with TinyCo and Yelp remind us that when it comes to COPPA, compliance starts with your audience and content.
I look forward to drilling down into more details about the TinyCo and Yelp FTC settlements, as well as COPPA’s specific requirements, and taking your questions next Tuesday.
If you weren’t able to attend the live webinar, you can view a recorded version in its entirety and access the slides below:
Full Video Presentation
Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.