On September 4, 2019, the Federal Trade Commission (FTC) announced a record $170 million penalty as part of a settlement with Google and its subsidiary YouTube for violations of the Children’s Online Privacy Protection Act (COPPA). This is a good reminder for financial institutions to be cognizant of COPPA and its possible applicability to the website. According to the complaint, YouTube collected personal information from viewers of child directed channels without notifying parents and obtaining their consent. The personal information was in the form of identifiers (cookies) that are used to track users across the Internet. YouTube then used the cookies to deliver targeted ads to viewers of the channels. COPPA requires child-directed websites and online services to provide notices of their information practices and obtain parental consent prior to collecting personal information (including cookies) from children under 13. YouTube claimed to be a general-audience site, but some of its individual channels are operated by toy companies and are child-directed according to the FTC.

In addition to the $170 million penalty, Google and YouTube must develop, implement and maintain a system that permits channel owners to identify their child-directed content on the YouTube platform. They must also notify channel owners that their child-directed content may be subject to COPPA requirements and provide annual training about complying with COPPA.

Author

John Zasada, JD, CAMS – Compliance Consulting Director, Financial Institutions Group. John can be reached at zasada@doeren.com.