Overlooking Privacy: YouTube fined $170m for collecting children’s personal data

September 20, 2019

3 min read

Sign up to our mailing list! 👇

What's going on here?

The Federal Trade Commission (FTC) recently fined YouTube a record $170 million for breaching the Children’s Online Privacy Protection Act of 1988 (COPPA) by targeting adverts at children after illegally harvesting their personal information.

What does this mean?

Google (which owns YouTube) decided to settle with the FTC following the Commission’s investigation. However, critics argue that the blatant breach of COPPA merited greater punishment. YouTube settled for the largest amount that has ever been linked to a case involving children’s data privacy.

COPPA requires:

    • parental consent in order to collect data from children aged 13 or less
    • sites with users who are children (under 13) to fully disclose their data practices

Google had not acknowledged that a part of YouTube’s audience was children in their defence for failing to comply with the regulation. However, this explicitly contradicted what YouTube has been saying in pitches to Mattel and Hasbro (two American toy companies), where it claimed it was the world “leader” in reaching children between the ages of 6-11. Letitia James (the New York Attorney General) explained that “Google and YouTube knowingly and illegally monitored, tracked, and served targeted ads to young children just to keep advertising dollars rolling in”.

What's the big picture effect?

The settlement has received both praise and criticism. YouTube’s chief executive Susan Wojcicki reaffirmed the company’s commitment to complying with child data protection laws, stating that “nothing is more important than protecting kids and their privacy”. She later detailed in a blog that YouTube would “stop serving personalised ads” and “limit data collection” on children’s videos. She added that YouTube would introduce “machine learning” on videos that target child audiences to better recognise content that requires more protection.

And there is good reason for YouTube to state such a clear intention to change. The FTC has clearly stated its intention to crack down on data breaches in the past months. YouTube’s record COPPA fine follows Facebook’s record data protection fine of $5 billion (check out our report on that here). The previous record fine for COPPA breaches (TikTok’s $5.7 million fine) has now been dwarfed by the new $170 million penalty. Many hope that continued scrutiny and punishment regarding data protection will increase after fines of this new magnitude.

However, some are still not convinced that the FTC is doing enough to adequately punish tech firms like Google for breaching data protection laws. The executive director of the Center for Digital Democracy (one of the leading consumer protection and privacy organisations in the United States) stated that the sanction was “meaningless”. He used the example of a speeding fine: “It’s the equivalent of a cop pulling somebody over for speeding at 110 miles an hour, and they get off with a warning.” Google’s revenue in 2018 totalled $136.8 billion, and one Google employee estimated YouTube’s revenue to be around $14 billion last year. It is fair to say that $170 million, whilst a large sum, is of little bother to the tech giant. And investors did not seem afraid of the damage to the company’s reputation, with Alphabet’s shares increasing in value by 1.1% by the end of the day when the fine was announced.

Nevertheless, this could just be the beginning of bigger problems for Google. With tougher fines from new GDPR regulation in Europe and a serious investigation by the Irish data regulator into Google, privacy is becoming an area for concern. There’s a big question as to whether regulators are effectively tackling the issue of data protection.

Report written by Will Holmes

If you’d like to write for LittleLaw, click here!

Share this now!

Check out our recent reports!