Give the Yelp mobile app a less-than-favorable review when it comes to child privacy rights.
The online platform, which allows users to discover and review local stores, restaurants and other businesses, has agreed to pay a $450,000 settlement after the Federal Trade Commission said that Yelp violated the Children’s Online Privacy Protection Act (COPPA) by collecting information from users under the age of 13 without first notifying parents and getting their consent.
Yelp blamed the infraction on a "bug" in its mobile registration process and promised to delete all the information that had been collected.
"Yelp doesn't promote itself as a place for children and we certainly don't expect or encourage them to write reviews about their plumbers, dentists or latest gastronomic discoveries," the San Fransisco company said in a statement on its blog. "When this problem was brought to our attention, we fixed it immediately and closed the affected users' accounts."
According to the FTC complaint, Yelp’s app, which allows user to register for new accounts with the option of putting in their birthdate, “failed to implement a functional age-screen mechanism in the new in-app registration feature.” Users were granted full access to the mobile site even after they provided a birthdate that showed they were younger than 13. From there, they could add information and content such as photos and the city where they lived, and they could “check in” at local businesses.
This was deemed a violation of COPPA because underage users could do this without parental knowledge or consent.
On Wednesday the FTC announced it would fine Yelp a $450,000 civil penalty, and ordered the company to delete any information it had collected from consumers younger than 13.
The action comes a year after the FTC expanded the parameters of its child-protection rules to include a wider range of content.
“As people -- especially children -- move more of their lives onto mobile devices, it’s important that they have the same consumer protections when they’re using an app that they have when they’re on a website,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a public statement.
“Companies should take steps as they build and test their apps to make sure that children’s information won’t be collected without a parent’s consent.”
Last year, the FTC updated the rules to include photo, video and audio recordings of children, as well as any “persistent identifiers that can recognize users over time,” which can range from an online usernames to mobile-device ID numbers.
"The lesson for companies is that where they ask for and get information within the registration process to know whether a user is underage, the FTC will deem them to have 'actual knowledge' that kids are providing personal information," Attorney John Feldman at Reed Smith, who specializes in advertising issues, said to Reuters.
Mobile app developer TinyCo Inc. has also agreed to a $300,000 settlement for a similar infraction. According to the FTC, many of TinyCo’s games, such as Tiny Zoo, Tiny Monsters and Mermaid Resort, were targeted at young children but also had an option for users to provide an email address to gain an in-game advantage. This, the FTC alleges, also violates COPPA.