Skip to main content

BREAKING NEWS: THE COPPA ENFORCEMENT ACTIONS ARE HERE!

Written by Julia Siripurapu, CIPP

As we predicted in prior blog posts (here and here), the Federal Trade Commission has begun its vigorous enforcement of the Amended COPPA Rule.  And one of the players is not a child-related site, so read on.   The Commission just announced  that online review site Yelp, Inc. (“Yelp”) and mobile app developer TinyCo, Inc. (“TinyCo”), agreed to settle separate Federal Trade Commission charges that they improperly collected personal information from children under 13 in violation of the Children’s Online Privacy Protection Act (“COPPA”). and TinyCo will pay a $300,000 civil penalty.

Under the term of its settlement, Yelp will pay a $450,000 civil penalty and is required: (1) to comply with COPPA in the future, and to provide a report to the FTC a year from now describing what the company is doing to comply  and (2) to delete information  collected from consumers who said they were under 13 when they registered. The order includes an exception if Yelp can show the person was over 13 when she/he signed up for the service. To read more about the Yelp Settlement, click here.

Under the terms of its settlement, TinyCo will pay a $300,000 civil penalty and is required to:

(1) do a major COPPA clean-up and (2) to delete  all information collected from children under 13. To read more about the TinyCo Settlement, click here.

COPPA coverage is broader than you think.    We will have a complete analysis of the settlements and their impact in a later post.

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.