Yes, COPPA is real.
In Season 4, Episode 2 of HBO’s Silicon Valley, the startup team Pied Piper is surprised to learn that a majority of their user base is under 13. They are even more surprised when they learn that they could face fines of $21 billion.
So, what exactly is COPPA?
The Children’s Online Privacy Protection Act (COPPA) basically says that if you run a website or web app that collects information from someone you know is under 13, you have to comply with a set of requirements. The chief requirement is that you obtain verifiable consent from the child’s parent or guardian. Otherwise, your site simply shouldn’t allow users who are under 13 and should kick them off if you find out about them.
Where did Pied Piper go wrong?
Dinesh, the newly-minted CEO of the video chat company, failed to add compliant terms of service that would have banned children under 13. Even if they had the terms, they didn’t know about the concentration of child users until they had already depended on their monthly active user count (including the children) for publicity and funding.
What are the fines, really?
On the episode, they talk about a $16,000 fine per violation. Because they have many users, and each user can represent multiple violations, the total fine for Pied Piper was quoted at $21 billion.
In reality, the fines are not $16,000 per violation. They start at $16,000 and could be as high as just over $40,000 per violation. So, the potential liability for the company should have been quoted as up to over $52 billion.
Like many administrative penalties, the actual penalties imposed by the FTC rarely reach that level. They are, however, significant. For example, Yelp was hit with a $450,000 fine for violating COPPA in 2014. Playdom was fined $3 million in 2011 for a violation for more than 1.2 million children, which worked out to about $2.45 per violation (it would have been almost $20 billion at $16,000 per violation).
How does a company stay safe?
The blog content should not be construed as legal advice.