eDiscovery Daily Blog

Forget CCPA. COPPA Just Cost YouTube and Google $170 Million: Cybersecurity Trends

Sure, we’ve been talking a lot the past couple of years about Europe’s General Data Protection Regulation (GDPR), enacted in May 2018 and we’ve already seen one big fine here and another huge potential fine here.  And, we’ve been talking for over a year now about the California Consumer Privacy Act, which is scheduled to take effect next January 1st.  But, have we talked about “COPPA”?  Not, till now.  But, “COPPA” just cost YouTube and Google $170 million.

According to CBS News (Google to pay $170 million for violating kids’ privacy on YouTube, written by Sarah Min), Google will pay a record $170 million fine to settle a lawsuit filed by federal and state authorities that charged the internet giant with violating children’s privacy on YouTube, the Federal Trade Commission (FTC) said Wednesday.

The settlement requires Google and YouTube to pay $136 million to the FTC and $34 million to New York state for violating the Children’s Online Privacy Protection Act (COPPA), by collecting personal information from children without their parents’ consent.

The FTC and the New York attorney general alleged in a complaint that YouTube gathered children’s personal information by using “cookies,” or personal identifiers, that track users online. According to the suit, YouTube earned millions of dollars by using the information to deliver targeted ads to kids.

COPPA requires online websites to obtain parental consent prior to collecting kids’ online usage information. The FTC and New York Attorney General Letitia James said that, while YouTube claimed it caters to a general audience, many of its online channels are aimed at children under the age 13. That requires the service to comply with COPPA guidelines.

“YouTube touted its popularity with children to prospective corporate clients,” FTC Chairman Joe Simons said in a statement. “Yet when it came to complying with COPPA, the company refused to acknowledge that portions of its platform were clearly directed to kids.”

For example, a toymaker with a YouTube channel could track people who viewed its videos to send ads for its own products that are targeted to children. The FTC said in its complaint that Google and YouTube told toymaker Mattel that YouTube “is today’s leader in reaching children age 6-11 against top TV channels.” It also said that the companies told Hasbro that YouTube is the “#1 website regularly visited by kids.”

But when it came to advertisers, the FTC alleged that YouTube told at least one marketer that the video-search company need not comply with COPPA, as it did not have users under the age of 13 on the platform.

Prior to Google’s settlement, the largest civil FTC penalty for a children’s data-privacy case was a $5.7 million for a case in February involving social media app TikTok. This penalty is nearly 30 times that one.  Still, critics say last week’s settlement still amounts to a drop in the bucket for Google, whose parent company Alphabet was sitting on $121 billion in cash and securities at the end of June.

Nonetheless, this penalty, along with Google’s GDPR fine from earlier this year, adds up to nearly $227 million.  That’s some serious money, even for a company like Google.  Great Google-y Moogle-y!

So, what do you think?  Will fines like these change how organizations track user data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.