A year has passed since Google and YouTube reached a record settlement with the Federal Trade Commission (FTC) for violating COPPA, the Children’s Online Privacy Protection Act. The $170 million fine, following a prolonged investigation, was a critical step for kids’ online safety and moved the goalposts for enforcement of privacy laws, impacting platforms, brands, and content creators alike.
The kids’ digital landscape is complex and constantly evolving and it can be challenging to understand when COPPA applies. In this three-part series, we’ll dive deeper into last year’s settlement and share actionable takeaways for brands and content creators. In Part One, we’ll begin by breaking down three core learnings from the 2019 YouTube settlement. Part Two will detail what has changed on YouTube since the settlement and best practices for brands. In Part Three, we’ll share tips for content creators to ensure kid and brand safety on YouTube.
First things first: what is COPPA and why is it important?
COPPA is a privacy law in the United States that regulates the collection of personal data from children under 13 by online services including websites, advertising, and mobile apps. The primary purpose of COPPA is to put parents in control over what personal information is collected from their children online. In recent years, the FTC has become more assertive in addressing violations of children’s online privacy, especially for mixed audience platforms.
What can you learn from YouTube’s settlement?
Kids privacy laws aren’t just for kids platforms
COPPA applies to any website, online service, or mobile app directed to children under 13. In practice, the FTC considers any site with content that is appealing to children to be ‘child-directed’. COPPA does not require you to investigate the age of your users; however, once actual knowledge of under-13 users is obtained, COPPA must be enforced and any personal data collected must be deleted. This impacts all platforms, even those that are not kid-directed.
Kids data cannot be collected and stored without parental consent
COPPA effectively prohibits the collection of personal data from under-13 users. Personal data can be defined as contact details (e.g. first and last name, address, telephone number), in addition to technical identifiers, such as device ID, IP address, or geolocation. In YouTube’s case, this information was used to enable features that require personal data to function, most visibly personalized advertising, but also the ‘save to playlist’ and ‘watch later’ tools. These features can make for an enhanced user experience. Harvesting the data that powers them is not impossible, but this process must be handled responsibly by obtaining Verifiable Parental Consent (VPC) in accordance with COPPA standards.
Given the sensitivity of children’s personal information, the VPC process requires you to contact a parent, verify their identity, and obtain their consent before you collect and store personal data. Furthermore, parents must be provided with the ability to access their child’s personal information and with the option to request that you stop collecting data or that the existing data is deleted at any time.
Contextual advertising makes it possible to advertise to kids safely
According to COPPA, behavioral (or interest-based) advertising, as well as remarketing/retargeting, is not permitted. However, it is important to note that this does not mean you cannot advertise to kids in a safe and effective way. Contextually targeted campaigns on vetted kids’ sites, apps, and channels are kid-safe and compliant. When executed correctly, these campaigns can be precisely tailored to your target demographic.
It’s clear that kids’ online safety matters now more than ever. To learn more about how to advertise to kids in a safe and compliant way, enroll in our KidAware training program today. Look out for our next post in this series regarding what has changed since the settlement, in addition to useful takeaways for brands and content creators.