M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
App Developer Faces $300,000 Fine for Collecting Children’s Data

App Developer Faces $300,000 Fine for Collecting Children’s Data

A $300,000 fine against a mobile developer is a good reminder that you can't collect a child's data. Learn more about COPPA laws and what pitfalls to avoid.

Tuesday, October 7, 2014/Categories: data-privacy

The FTC has strict regulations that protect Internet users under the age of 13, and if app developers aren't aware of these restrictions, they could face huge fines for data collection. In fact, a few mobile developers are learning this lesson the hard way.

The FTC announced that TinyCo – the app maker behind Tiny Zoo, Tiny Chef, and Tiny Pets – has been fined $300,000 after it collected email addresses in exchange for in-app currency children could use in a game.

The Children's Online Privacy Protection Act (or COPPA) prohibits websites, apps, and other online services from collecting any data from children under the age of 13 unless they have explicit permission from the user's parents. The problem is that many app makers don't realize that their users are under 13, or are unaware they have to follow special protocol.

Given that more mobile companies are putting an increased emphasis on big data and collecting marketing information, it's important for mobile developers to take a step back and make sure they're in compliance with this complicated area of the law.

So what do you need to know to avoid COPPA fines? Let's look at a few areas of the law that can trip up mobile developers and lead to huge fines.

Mobile Developer Liability: Know These Laws to Manage Your Risk

Mobile and web developers should take the time to read COPPA regulations or a comprehensive guide to the law. Let's go over some basic points of the law and where you'll have to be in compliance.

In order to avoid mobile developer lawsuits and fines, make sure you…

  1. Password protect in-app purchases. Recently, the FTC ruled that Apple and Amazon needed to refund families whose children were able to make in-app purchases without their parents' permission. The agency has criticized Apple's standards and wants all in-app purchases to require passwords. (See our full write up here: "Develop Apps? Use Password Protection to Avoid Fines.")
  2. Screen for under-13 users. Screening users is trickier than it seems. On the FTC's COPPA FAQs page, the agency suggests that before users enter any information, ask them for their birthday. If they are 13 or over, you can collect email addresses and other data. If not, you'll have to get permission from their parents to collect their data, or grant them access to your app without collecting any data from them. If you screen users after they enter their user information (including name, address, etc.) and create an account, you've already violated the law. Make sure to screen for birthdays right away.
  3. Don't collect data from under-13 users. Mobile developers can't collect data from users under the age of 13 – this includes email addresses, full names, phone numbers, addresses, SSNs, and other data. Yelp was recently fined $450,000 for doing so, which is an important reminder that even if your app is marketed for and geared toward adults, you still have to follow the same guidelines.
  4. Don't allow advertisers and third parties to collect data from under-13 users. This may be the hardest part of following COPPA guidelines. You have to make sure your advertisers and other third parties won't collect data from children who use your app. In fact, you can be fined if one of these companies doesn't follow COPPA guidelines. The FTC also cautions that you can't simply include a disclaimer in your privacy policy to absolve your from liability. Talk with your advertisers and make sure they screen their data collection processes so they won't include children who use your app.

Note: All these rules apply to optional information requests as well as account creation. For instance, if you have an email newsletter, you'll have to make sure you aren't collecting a child's email address when they sign up for it.

Ignoring these guidelines can lead to other problems for app developers. Apple will pull your app from its store if you don't follow its age-specific guidelines. While Google Play and the Windows Phone stores don't have similar guidelines yet, they may in the future.

This blog post shouldn't be taken as the final word on COPPA compliance. One of the challenges of mobile developer liability is keeping up with new laws and court rulings as they're passed. Two years from now, the FTC may change the way it enforces COPPA guidelines. It's always up to developers to make sure they're following the most current interpretation of data privacy laws.

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews


The Small Business Insurance Leader