Privacy fines have been rolling in by the millions this year and one of the more high-profile fines is the 170 million dollar fine imposed by the FTC for Google violating the Children’s Online Privacy Protection Act (COPPA). This is following a current trend of the FTC fining tech companies for not protecting children’s privacy. The music app TikTok (Musica.ly) was recently fined 5.7 million dollars for violating COPPA. This has sparked a debate on how COPAA should be modified in order to continue evolving with the current digital landscape. Currently, there are workshops being held on how COPAA should be amended. However, similar to laws such as the California Consumer Privacy Act (CCPA), there are lobbying groups that are pushing to weaken privacy for COPAA and ultimately diminish the privacy protection for children browsing the web.
With the growing complexity of privacy laws worldwide, many companies are trying to justify ways in which certain privacy laws may not apply. Generally, this approach makes sense, but it must be approached from a common sense perspective. According to the case against Google, there was an advertiser that asked about YouTube’s compliance with COPPA. An employee provided an inadequate response by saying, “we don’t have users that are below 13 on YouTube and the platform/site is a general audience, so there is no channel or channel content that is child directed and no COPPA compliance is needed.” Anyone who has taken a look at YouTube, or has children of their own knows that there is a vast amount of child-directed content on YouTube. For example, there is a channel called “BKN Toys,” which has over 13.5 million subscribers whose content is mainly directed towards children.
Part of the employee’s explanation makes sense because it is an open platform; however, since it is an open platform, it allows for content creators to find a niche audience (children under 13) and monetize their content. Just because a website is not created for children does not mean that it will keep children out of the website. YouTube’s own rating system is also able to identify if specific content is “kid-directed”, which means that YouTube was well aware that there was kid-directed content on the website. Due to the nature of monetization of these videos, children who would view these videos would be tracked by cookies and other identifiers without obtaining appropriate consent. And the platform was earning millions in the process. A good portion of the revenue comes from targeted ads through a process called Real Time Bidding “RTB” — through an “Ad-Exchange” which acts as an auction for the buying and selling of impressions (real-time ads). To simplify it, an advertiser would place a bid to win a certain impression in real time and since this advertiser would want the ad to be as targeted as possible, the advertiser would set specific demographic parameters on who they would like the advertisement to display to.
Why is this a problem? Not only are organizations deliberately violating the law, but they are also making millions in the process. As amendments to COPPA loom and have a chance of becoming more stringent, organizations will face new requirements and not only have to spend more money to implement certain process changes, but organizations would also lose money on previous avenues of revenue that have been highly profitable. Lobbyists and other special interest groups are working on future amendments to COPPA that could potentially undermine and weaken the protection that children receive while browsing the internet. Due to the sheer amount of data collected and used for advertising, artificial intelligence, machine learning, or for other purposes, we need to ensure that the privacy of children and all people browsing the internet is protected.
Privacy advocates are concerned that the current workshops are a means to weaken the current protections of COPPA. The FTC has tried to qualm some of the criticisms of privacy advocates by providing a statement that future amendments are not meant to undermine the existing protections of COPPA. It’s crucial for our future generations that privacy becomes the default and the expectation. The digital economy is currently at a crossroad and the organizations that are able to develop privacy-centric solutions will be the ones that succeed in the new digital age.