Tales from the Circle of (Mis) Trust in Silicon Valley

The topic of data privacy is big enough now that it’s figuring heavily in some of pop culture’s hottest properties.

A Bigger Brother

On the serious side, “The Circle”, a movie that opened on April 28 and is adapted from the book by Dave Eggers, tells the story of a massive Silicon Valley-based technology company that allows and even encourages its members to egregiously violate the online and even offline privacy of everyday people.

Witnessed through the eyes of the film’s protagonist Mae (Emma Watson), the executives at this dystopian mash-up of Apple, Facebook and Google hawk Orwellian taglines such as “sharing is caring,” “secrets are lies” and “knowing is good, but knowing everything is better”.

The movie’s themes reflect growing suspicion within a digitally connected society not yet sure if the benefits of online life are worth sacrificing the sanctity of our personal information.

The Rise and Fall of Dinesh Chugtai

On a lighter note, in the latest episode of HBO’s hit show “Silicon Valley,” long suffering Pied Piper programmer Dinesh, recently appointed CEO (by default) of video chat platform PiperChat, lets his ego get the better of him, in spectacular fashion. A privacy law becomes his ultimate downfall.

The show opens with Dinesh pumping up his fledgling company — and hairdo — with journalists and VC investors while dissing and reneging on former agreements with his former boss, Pied Piper founder Richard Hendricks.

Fuming over his mistreatment, Richard stumbles upon an alarming situation while angrily (and illegally) snooping around the PiperChat database. He suddenly realizes that thirty-three percent of the platform’s users are girls under the age of 13, below the legal age of consent under the Federal Trade Commission’s Children’s Online Privacy Protection Act (COPPA) law.

PiperChat’s disbarred legal council Pete tells Dinesh and Jared in no uncertain terms that everything that could be done wrong was done wrong.

It turns out that Dinesh not only neglected to include a means of obtaining parental consent for the thousands of pre-teen girls using his platform, but he also failed to port over Pied Piper’s standard terms of consent when he publicly rolled it out, shouting “But nobody reads those!” when confronted by his team.

COPPA violations, we learn, result in a $16,000 fine per user, per use, and when biz dev guy Jared punches up the numbers on his calculator, he gives Dinesh the astounding news that PiperChat has racked up a potential $21 billion in fines in less than two weeks — all of which Dinesh would be on the hook for if prosecuted. At this point, a smirking Gilfoyle – Dinesh’s nemesis – predictably pops open the champagne to celebrate the epic fail by his now projectile vomiting frenemy.

Back In the Real World

While $21 billion seems a bit far-fetched, recent FTC activity proves COPPA enforcement is quite real and can be punishing for companies caught out of compliance. In September 2016, for example, New York’s attorney general announced a settlement with Viacom, Mattel, Hasbro and Jumpstart —makers of many of the world’s most popular children’s websites and mobile apps — for a combined penalty of $835,000 based on alleged COPPA violations.

COPPA specifically prohibits companies from collecting “personal information” from children under the age of 13 without verifiable parental consent. What’s more, in 2012 the FTC broadly expanded the definition of “personal information” to include:

  • Geolocation data sufficient to identify a child’s city and street
  • Photos, videos and audio files that contain a child’s image or voice
  • A screen or user name, if it functions as an identifier which permits direct contact with a person online
  • A persistent identifier, which can be used to recognize a child across different websites and online services

For companies feeling tight in the neck about government flexing its muscles on consumer protections, it’s good to remember that every new surge in technology is accompanied by a system of check and balances. Ultimately, this is good for businesses and consumers, giving both a steady platform to build on for the future.

At Gigya, we believe in this balance. Our Customer Identity Management platform powers flexible registration and login for digital properties of all stripes, enabling our 700 global clients to build better relationships with their customers while staying in compliance with privacy regulations like COPPA and the European Union’s upcoming General Data Protection Regulation (GDPR).

Meanwhile, back at PiperChat, it looks like the hapless Gavin Belson, head of the big social media company Hooli may be sweeping in to steal PiperChat for himself without knowing about the impending massive fines. We’ll have to wait until next Sunday to find out. In the meantime, let’s hope Dinesh has learned a valuable lesson.

By David Kerin

Meet us at

IDENTIFIED. The Customer Identity Conference
London, UK

June 6, 2017
View Event >