After Google’s Landmark Settlement, How Ad Networks Should Tackle Child Privacy

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998 to address the rapid growth of online marketing techniques targeting children. Programmatic advertising was just taking off with the introduction of banner ads and targeted ad placement.

Websites were collecting personal data from children without parental knowledge or consent, and research showed that children did not understand the risks of revealing personal information online.

Congress charged the Federal Trade Commission (FTC) with enforcing COPPA and issuing regulations implementing it. The FTC’s original COPPA Rule came into effect in 2000, and the FTC began enforcing it against operators of websites and video games.

Fast Forward to the 2010s
As technology evolved, the FTC brought cases against makers of mobile apps, connected toys, and IoT devices. But it wasn’t until 2013, when the COPPA Rule was amended, that ad tech companies started to pay attention to it. That’s when the Rule updated the definition of personal information to include “[a] persistent identifier that can be used to recognize a user over time and across different websites or online services.”

These identifiers (including a cookie, an IP address, a processor or device serial number, or a unique device identifier) are what online advertisers use to target consumers with relevant ads. This expansion of the COPPA Rule dramatically increased ad tech companies’ potential liability, and such companies should be aware of the pitfalls inherent in collecting information from children via other websites and apps.

The COPPA Rule applies to operators of commercial websites and online services directed to children under 13 that collect, use, or disclose personal information from children. It also applies to operators of general-audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13.

Here’s the critical part for ad networks, platforms, and other third parties: The Rule also applies to operators of websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children.

InMobi and

Read more