The Federal Trade Commission released news of its first COPPA settlement of 2013, to the tune of an $800K fine against mobile app developer Path, Inc. That the FTC chose to investigate an app for privacy issues shouldn’t surprise anyone in the industry. In 2012, they issued two reports on apps for children, as well as one set of guidelines for developers. They were decidedly unhappy with what they saw, and as we’ve discussed before, they warned that action was coming.
And while the latest fine is making headlines across the industry, there’s more to a COPPA settlement than money. What else is at stake? Consider the following:
1) Delete your data. Yes, the data you’ve been collecting in violation of COPPA. And any data you’ve collected, reaching back to 2000 when the Act was enacted. Forget about engaging with your users – you need to start from scratch.
2) Build a compliance budget. When was the last time you trained your team on compliance? How many of them know the basic principles of COPPA? When was the last time you examined your data security practices? Have you ever conducted a compliance audit? Done a security risk assessment? Most settlements include requirements that companies do all of the above. Not just once, but annually for a number of years. The most recent settlements came with 20 years of compliance auditing requirements. Will you be able to stay in business even just a few more years with this on your budget?
3) Public trust. Yes, it’s intangible. Until you start thinking about your target user. In the world of products that are intended for or that appeal to children, trust is critical to your brand’s success. If parents don’t trust you with their children, you will no longer be welcome in their world. Most website operators who have violated COPPA are required to post “consumer education” – that is – a link to the FTC’s OnGuard Online materials – on their site for a period of five years. It’s a red flag for consumers, and probably not something you’ll want to add to your app store marketing copy.
So, what’s an app developer to do? Build compliance into the framework of your business. It can be a seamless part of your process, and when done correctly, a true aid in helping you achieve your goals. There will be more violations uncovered this year, and more businesses that have to retrench, retool and figure out how to survive after an FTC settlement. Don’t let it be you.