The Federal Trade Commission and New York Attorney General's office today announced that Google and its subsidiary YouTube agreed to an unprecedented $170 million in fines for allegedly using cookies to harvest personal data from minors without parental consent and then serve behavioral ads based on this information.

Such actions are in violation of the FTC's Children's Online Privacy Protection Act (COPPA) Rule, enacted in 1998. Under the terms of this regulation, website operators or online service providers that specifically cater to kids must provide public notice if they are collecting personal data from children and obtain their parents' permission. This includes browsing history data captured by cookies.

Typically, it's the actual content creators or service providers who are held liable for COPPA compliance. However, third parties that use cookies to serve targeted advertisements to websites are also subject to the law if they have actual knowledge that they are collecting information from users of child-oriented websites and online services -- as these users are most likely minors.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.