View All Blog Posts
Corporate

Yes, COPPA is real.

Post Image

In Season 4, Episode 2 of HBO’s Silicon Valley, the startup team Pied Piper is surprised to learn that a majority of their user base is under 13. They are even more surprised when they learn that they could face fines of $21 billion.

So, what exactly is COPPA?

The Children’s Online Privacy Protection Act (COPPA) basically says that if you run a website or web app that collects information from someone you know is under 13, you have to comply with a set of requirements. The chief requirement is that you obtain verifiable consent from the child’s parent or guardian. Otherwise, your site simply shouldn’t allow users who are under 13 and should kick them off if you find out about them.

Where did Pied Piper go wrong?

Dinesh, the newly-minted CEO of the video chat company, failed to add compliant terms of service that would have banned children under 13. Even if they had the terms, they didn’t know about the concentration of child users until they had already depended on their monthly active user count (including the children) for publicity and funding.

What are the fines, really?

On the episode, they talk about a $16,000 fine per violation. Because they have many users, and each user can represent multiple violations, the total fine for Pied Piper was quoted at $21 billion.

In reality, the fines are not $16,000 per violation. They start at $16,000 and could be as high as just over $40,000 per violation. So, the potential liability for the company should have been quoted as up to over $52 billion.

Like many administrative penalties, the actual penalties imposed by the FTC rarely reach that level. They are, however, significant. For example, Yelp was hit with a $450,000 fine for violating COPPA in 2014. Playdom was fined $3 million in 2011 for a violation for more than 1.2 million children, which worked out to about $2.45 per violation (it would have been almost $20 billion at $16,000 per violation).

How does a company stay safe?

The FTC has a pretty good compliance checklist, here. Of course, there is never a substitute for getting solid terms of service and a privacy policy from an attorney who will make sure you are in compliance.

If you have questions or want more information, please comment below, email me or connect with me on LinkedIn or Twitter.

The blog content should not be construed as legal advice.

Show Comments / Leave a Comment

Comments

There are no comments yet.

Leave a Comment

Sign Up For Updates