As we wrote previously, kids are spending more of their days online and are using online platforms for virtual learning and entertainment. Much of this environment is funded through online advertising. All companies thus need to think about the impact that children’s privacy laws, like COPPA, have on the online environment, as they will see the outcomes of this applicability in their contracts.
First, what obligations do third parties, such as ad networks and ones that provide third-party plug-ins have? As highlighted by the FTC in its FAQs, ad networks and providers of third-party plugins are subject to COPPA when they have “actual knowledge” that they collect personal information from children under 13. Such third parties have “actual knowledge” of collecting information from children where a child-directed content provider directly communicates the child-directed nature of its content to the third party or where the third party otherwise gains knowledge of the child-directed nature of the content. (FAQ E(1)).
Companies engaging with third party services like ad networks and providers of third-party plugins can thus expect to see COPPA-related elements built into their contracts. These might include reps and warranties that the company’s website is not directed to children, the company does not have actual knowledge of children on its site, or the like. They should also expect to see the FTC paying attention to their use of these third-party tools on their websites. For example, this summer, the FTC settled with an app that had third-party ad networks collecting personal information from children through persistent identifiers used to target ads to children.
Putting it Into Practice: We anticipate that the FTC will continue its scrutiny of the targeted ad environment. It is thus timely, if engaging in online advertising, to both review the FTC FAQs and contracts with ad networks and other similar third parties.