YouTube Illegally Collects Children’s Data, Consumer Groups Say

First, it was Facebook Messenger Kids. Now, the Campaign for a Commercial-Free Childhood (CCFC) is taking aim at YouTube, alleging the Google-owned social media platform has been illegally collecting and using data in violation of the U.S. Children’s Online Privacy Protection Act (COPPA).

The CCFC is joined by 22 other consumer advocacy and privacy protection groups in a new complaint with the U.S. Federal Trade Commission. The complaint alleges Google and its subsidiary YouTube collects personal data (like geolocation, unique identifiers, and mobile device information) from children under the age of 13 without prior parental consent required under COPPA directives. 

The complaint states that although YouTube outlines clearly in their terms of service that their products and services are not intended for children under 13 years of age (YouTube, in fact, has a separate “YouTube Kids” platform) programming aimed at young children still runs rampant on their site, and that programming (and the subsequent data collected from users interacting with it) is still being used for advertising initiatives.

To put it simply, the CCFC and their partners allege Google knew they were unlawfully collecting children’s data, YouTube’s privacy policy isn’t enough, and more dire action needs to be taken to protect children and their data.

As stated in the complaint:

“Google is subject to COPPA because, as discussed below, a significant portion of YouTube’s channels are directed to children. Moreover, even if portions of YouTube were not directed to children, Google has actual knowledge that it is collecting data from children using YouTube.

YouTube’s Terms of Service state that the service is not intended for children:

‘You affirm that you are either more than 18 years of age, or an emancipated minor, or possess legal parental or guardian consent, and are fully able and competent to enter into the terms, conditions, obligations, affirmations, representations, and warranties set forth in these Terms of Service, and to abide by and comply with these Terms of Service. In any case, you affirm that you are over the age of 13, as the Service is not intended for children under 13. If you are under 13 years of age, then please do not use the Service. There are lots of other great web sites for you. Talk to your parents about what sites are appropriate for you.’

This language, however, does not exempt YouTube from complying with COPPA. As the FTC explained in revising the COPPA Rule, “a web site or online service that has the attributes, look, and feel of a property targeted to children under 13 will be deemed to be a site or service directed to children, even if the operator were to claim that was not its intent.”

The complaint brings up an interesting point about the context of policies that have “protected” companies like YouTube when it comes to data collection. It is the same types of concerns expressed when Facebook released their Messenger Kids app (and on a broader scope, the recent Cambridge Analytica scandal) earlier this year.

Upcoming GDPR legislation addresses the issue with terms and conditions in regard to children’s data directly:

“This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising.” (Recital 58)

It’s also important to note that under GDPR, children up to age 16 are protected under the law. This will require companies that deal with children’s data to ensure their privacy polices are worded in a way that is comprehensible to their audience.

But, GDPR isn’t in effect yet, and this complaint is in regard to COPPA violations – a U.S. law that has been in practice for years. But the challenge here remains the same.

Are brands doing their due diligence to ensure their privacy policies and terms of service clearly show how they plan to use and protect data? And perhaps, more importantly – do brands need to take more responsibility to provide clear, transparent language for their consumers?

As cases like this continue to unveil themselves, we’ll see. 


Related Posts