In August, the Federal Trade Commission (FTC) approved changes to a video game industry program in an effort to ensure compliance with the Children’s Online Privacy Protection Act (COPPA). This comes after a 2017 study finding that YouTube, the video platform owned by Google, is the most popular online media platform among children, with as many as 80% of children ages 6-12 using it daily. Yet YouTube claims in its Terms of Service that the platform is not intended for anyone under the age of 13, and by agreeing to the terms, consumers affirm that they are indeed at least 13 years old. Users also agree to Google’s privacy policy, which details how Google collects data such as a viewer’s device, location, or phone number, and tailors advertisements and services based on that data.
COPPA was originally enacted by Congress in 1998, requiring the FTC to issue and enforce regulations concerning children’s online privacy. COPPA is intended for parents to control what information if collected from their children. The law applies to (1) operators of commercial websites and online services (including mobile apps) directed at children under 13 years old, (2) operators of general audience websites who have actual knowledge that they are collecting, using, or disclosing personal information from children under 13, and (3) websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed at children.
Under COPPA, covered entities are prohibited from collecting personal information from children without properly disclosing how the information will be used to parents. In 2012, the FTC clarified COPPA rules by requiring verifiable consent from parents before collecting data that could be used to identify or locate a child. The information that covered entities do collect must also remain secured and protected.
In April 2018, a coalition of over 20 consumer advocacy and privacy groups filed a complaint with the FTC, alleging that YouTube had been violating COPPA for years by illegally collecting and profiting off of children’s data. The complaint further alleged that YouTube has skirted COPPA by claiming that it does not have a child audience.
YouTube currently has a YouTube Kids app designed specifically for children that complies with COPPA, explicitly stating in the privacy policy that it “does not allow interest-based advertising or re-marketing.” However, the complaint claimed that YouTube is aware that children use the regular service and it has actual knowledge that it is collecting and using personal information from children. Specifically, it highlighted that certain popular channels directly communicate to YouTube that their content – often cartoons, nursery rhymes, toy videos – is targeted toward children. The complaint also alleged that high level YouTube representatives have recognized the child-directed content on the platform. By having children’s content remain available on the regular platform, the complaint alleged that YouTube was not offering an “alternative” with YouTube Kids, but rather was acknowledging that children continue to use YouTube.
News reports and a letter from two Members of Congress to the CEO of Google indicated that the FTC met with the consumer advocacy and privacy groups about their complaint but did not take any official action in response to the groups’ allegations.
The spotlight continued to shine on COPPA compliance this month, when Senators Edward J Markey and Richard Blumenthal issued a letter asking the FTC to investigate whether children’s apps are improperly collecting personal data and if app stores are misleading consumers by labeling these apps as “child-friendly.”
This news comes in the wake of recent reports and research surrounding data sharing of nearly 6,000 free children’s Android apps, finding that more than half shared data in ways that could violate COPPA. In their letter to the FTC, the senators are asking for examination of the apps and the advertising agencies working with them to see if they are violating COPPA.
The Senator’s letter cited an article discussing the personal information collected on multiple children’s apps, including precise location and tracking ID numbers being sent to outside companies. The article also addressed a law suit filed in New Mexico, accusing a children’s app, along with online ad businesses, for violating children’s privacy laws. The New York Times also discovered apps on various app stores were labeled appropriate for children but sent personal data without verifiable parental consent.
With social media platforms on the hot seat in regards to the dissemination of consumers’ personal information, it is only logical that other online services (e.g. mobile apps) be placed under scrutiny as well. It is becoming increasingly easier for apps and websites to collect and share consumers’ personal information. With such sensitive information readily available, Congress is becoming more convinced that they cannot become complacent in their oversight of these laws. This action shows that consumer privacy, especially children’s privacy, is of great importance to Congress as they attempt to navigate this new wave of technology. Further, in a year filled with data privacy concerns, Congress is hoping this move will show progress in an uncharted yet advanced industry.
Addressing COPPA and the concerns surrounding children’s personal data can be difficult, but is certainly manageable for companies. The first step in COPPA compliance is to review any potential children access to company websites, including third party websites which companies advertise. If companies fall under COPPA, the company’s privacy policy must be updated accordingly. Then parental consent must be directly obtained, verified, and monitored by the company. The FTC has provided helpful guidance for companies who are concerned about whether COPPA applies to them. For a clear and concise step-by-step process on complying with COPPA, please visit this website for FTC guidance.