Children, Internet Privacy, and Class Actions

Children are targets of internet predators seeking unsuspecting youth’s personal data and information without parental consent for profit. Almost every day we read stories about stolen data and privacy breaches. For more information click Data Breaches, Uncertainty of Standing to Sue and Class Actions. Every moment trackers and cookies save our children’s internet searches and personal information for future commercial use. Web page and smartphone applications are sometimes engineered with unlawful hidden tracking technologies that clandestinely collect and send users’ personal data to third parties who then derive vast profits from targeted advertising made possible by this illicitly obtained information.

In 1998, to address these issues, the U.S. Congress passed the Children’s Online Privacy Protection Act (‘COPPA’) attempting to protect our nation’s kids from these online predators. And while COPPA has protected some of our nation’s children, the ever-evolving internet and new technologies always finds new methods to obtain our data and circumvent privacy laws. Illinois Congressman Bobby Rush recently introduced a bill to amend COPPA stating that “privacy is a fundamental right and it is vital that we protect it for our nation’s children. No child in the United States should be subject to the invasive and pervasive practices that permeate so much of the internet. Companies continue to collect untold sums of data on all of us and continue to use that data in ways that remains unknown to parents, users, and regulators. In this type of environment, we must ensure the sanctity of our children’s data.” 

While everyone’s privacy is paramount, those of children under the age of 11 are even more so.

1998 – THE INTERNET STONE AGE

COPPA became law  in 1998, before broadband service even existed! Back then, only 22 percent of the nation even used the internet and almost everyone was accessing the internet via dial up. Facebook, YouTube, Twitter, Google, constants of our society today, were almost a decade away. Against this ‘ancient’ environment Congress deliberated protection of children’s internet privacy.

COPPA requires websites to place their privacy policies on the subject webpages, directly notifying parents about their information gathering practices, and requires obtaining verifiable parental consent prior to gathering children’s personal information, including sharing it with others; forbids websites from conditioning a child’s involvement in an activity based upon disclosure of personal information other than reasonably necessary to participate in that activity; and parents must be informed of these requirements.

The act deems it unlawful for any website or online service directed towards children, or any operator having actual knowledge of obtaining a child’s personal information, from obtaining this material deemed unnecessary for the usage of the site. This would generally include collection of the child’s name, address, e-mail, telephone and Social Security number, or other online identifiers. However, obtaining information to identify the parent to obtain consent is permitted if the site deletes the information from its records in a reasonable time period.

But an April 2002 Federal Trade Commission (“FTC”) staff report found that only half of the sites surveyed complied with the law.

FTC ENFORCEMENT – FINES KEEP INCREASING

The FTC is responsible to enforce COPPA. In 2004 Universal Music Group agreed to pay civil penalties of $400,000 for knowingly collecting children’s personal information without first obtaining parental consent. Their software vendor also agreed to pay $75,000.

At the time it was the largest COPPA penalty handed down by the FTC.

In 2008, the FTC charged that imbee.com, a website designed for children ages 8 to 14, collected and maintained children’s personal information for over 10,000 accounts without notifying parents or obtaining the necessary statutory consent. Imbee admitted liability and paid a $130,000 fine.

In 2016, inMobi, a mobile advertising network, was fined $950,000 for continuously tracking users geo-locations (including kids) without their knowledge even when a mobile device’s privacy preferences settings were activated. In February 2019, Chinese based ByteDance, owners of the TikTok app specializing in short form mobile video messaging, were found by the FTC failing to comply with COPPA. They ultimately agreed to a fine of $5.7 million.

In May 2019, after receiving warnings from the FTC, Apple and Goggle pulled three dating apps by Wildec, FastMeet, Meet 24 and Meet4U, from their stores. The FTC determined these dating apps permitted children under 13 to register, and that Wildec had actual knowledge of significant amounts of minors using the application. Being knocked off Apple and Google can be more economically harmful than a civil fine or even a class action payout.

In September 2019, YouTube was found to be tracking minor’s viewing histories to aid in targeted advertising. The FTC fine --- $170 million. YouTube also agreed to require ‘channel operators’ to mark videos as ‘child-oriented’ and use machine learning to instinctively mark videos to obtain COPPA compliance. And if a channel operator fails to mark the videos the FTC could find them up to $42,000 per video.

COPPA CRITICISM

So, if you're wondering how this all works, kids enter their age when signing up to use an application. But just as certain applications require the user to attest their age over 18 or 21 (you know why) or dating sites that users decrease (and even sometimes increase) their age --- it all depends on the customer’s truthfulness. But since the dawn of time humans have misrepresented their age, either higher or lower depending on the circumstances. Kids want to be older; adults sometimes want to be younger.

And COPPA does not extend to internet pages that could be popular with children, such Facebook or Twitter, as they are not ‘directed’ towards minors. The rules only require compliance with a company has knowledge the use is under 12 years of age. Hence, critics contend the law encourages ‘age fraud’.

Constitutional implications are also in play. COPPA can limit a child’s right to self-expression on social media platforms and to informed media. It is argued that while certain communications and media can be harmful to children, we let them play sports that can also result in injury. And while parents must have some say regarding the content of a child’s access to information, they should also have a right to speak out. It is argued that as constitutional freedoms differ for children under 12 Congress was mindful of these issues when passing the law. (The U.S. Supreme Court did find the Child Online Protection Act, COPA, unconstitutional on somewhat similar grounds).

In the end, no constitutional provisions or statute is an adequate substitute for active parental involvement. Mothers and fathers must be involved in monitoring their children’s internet searches and usage, and not leave these decisions to an admittedly imperfect law that is functionally unable to quickly adjust to rapid technological change.

2013 – FTC UPDATES COPPA RULES

Mobil applications can easily track almost anyone’s geo-location. Image sensors can collect photos, videos, screen names, audio recordings, and other identification materials. New FTA rules aimed at preventing these new technologies from being used in children’s mobile applications.

Additionally, new rules eliminate one-time universal waivers that allow data collection into perpetuity. But, of course, there will be new technologies that parents and the FTC will continue to face.

COPPA CLASS ACTIONS

COPPA class actions are still a budding, cottage industry. In 2017, McDonald v Killo Apps was filed in the Northern District of California federal court alleging that the mobile game application ‘Subway Surfers’ violated various privacy laws, including COPPA, by exporting children’s information to advertises without parental consent. There have been over a billion downloads of the game and is a worldwide leader. However, in 2019 trial court was first still deciding which causes of action were actionable. At this writing no class certification motion has been filed.

And in late 2019, a massive COPPA class action lawsuit was filed against Google, YouTube, Cartoon Network, Dreamworks Animation, Hasbro, Mattel, and others under COPPA and California privacy laws for surreptitiously collecting the plaintiffs’ child’s personal information despite the aforementioned FTC settlement with YouTube. Hubbard v. Google, LLC, et al, Northern District of California.

Hence, while this is a ‘new’ area for massive class actions, ever changing technology and the massive profits that can be derived from internet information gathering insure that COPPA class actions will soon enough become more regularly filed. But it is always best to not rely on the legal system, or the goodwill of internet pages, but to closely monitor the applications your children are using, or the web pages that they frequent.