Many months ago, major advertisers headed for the door due to an alleged pedophile ring that was leaving untoward comments on kid’s videos on YouTube. Instead of clamping down on illegal preteen accounts, YouTube disabled comments on videos that had kids in them regardless of who was responsible for the content and how responsible the channel owner was. Basically, if a video contains a kid in it, comments can be banned to prevent the leaving ickyness. At the same time, blatant COPPA violations have continued including YouTube deleting a comment from a 10-year-old where he admitted his age. They removed actual knowledge under COPPA. The channel was allowed to stand without the age confession and the child got around the comment ban by holding live feeds where he accepted money from adults.
To compound this sloppiness, YouTube demonitized and comment blocked family channels ran by parents and even adults who had videos of themselves when they were less than 18 years old. This includes Burke BunchTV (https://www.youtube.com/user/tchzwalp), Alec in WILDerland ran by a now 18-year-old (https://www.youtube.com/watch?v=FEGFdjQ8LIw) but previously professionally produced and maintained by adults and the eclectic and profane Maximus Thor (https://www.youtube.com/channel/UCzydWtf2Y5XQqKeEnO4gOvQ) which Maximus is a character and the channel is produced by his father.
So, what went right?
I give no credit to YouTube for the comment blocking because they not only have not introduced new ways to confront the preteen problem, they have made it worse by erasing evidence self-reported by underage channel owners. To take away up to a decade of comments from an adult ran channel when a kid is present in an older video is a serious blow to adults running their own channels. Comments are a lifeblood for creators that allows for feedback and suggestions. They are affirmations to the channel owner and help guide the direction of the channel. To remove comments from parent ran accounts is lazy and no advertiser should come back because of this “fix”. Demonitization picks the pockets of channel owners and denies advertisers from posting products on legitimate videos.
What went right is simple. Kids want the same affirmation. Without comments they don’t get to interact, and they are posting less because of it. The 10-year-old mentioned above hasn’t posted in two months. There is no way to report an age violation per day so even in the face of actual knowledge of his age they let him stay
YouTube got caught not policing its site and are punishing creators instead of putting in tools to kick off preteens. This 10-year-old kid has 2,388 subscribers and more than 700K on one video of him modeling a Speedo. There’s all kind of things wrong with this account including that it was created when he was 1 year old and has his real name listed.
Hopefully we’ll see tools that allow adults being allowed to moderate their own channels and one day see YouTube take COPPA seriously. In the meantime, I hope YouTube doesn’t get let off the hook after so many years of avoiding COPPA violations.
Earlier this month, the FTC sent a letter to Wildec, LLC, the Ukraine-based maker of several mobile dating apps, alleging that the apps were collecting the personal information and location data of users under the age of 13 without first obtaining verifiable parental consent or otherwise complying with the Children’s Online Privacy Protection Act (COPPA)…
Protecting children’s data online must come to the forefront of GDPR enforcement following violations of child privacy online. It has been a year since the General Data Protection Regulation (GDPR) came into force. Last May we saw businesses scrambling to get their houses in order realising the hefty fines they could face and others burying their heads in the sand. Violations for non-compliance can result in penalties up to four per cent of the organisations worldwide revenue or €20 million, whichever is greater
Finally, child data privacy could get much-needed reform in new bill The Children’s Online Privacy Protection Act, which was passed decades ago, could finally see a long-overdue update for an era in which social media and IoT devices present new risks. [Photo: scaliger/iStock] BY DJ PANGBURN4 MINUTE READ In the early days of the internet, the U.S. government passed The Children’s Online Privacy Protection Act (COPPA). Its flaws–the ease with which children can fake their age, and no protection against ads–
With several children’s models banned in Europe, but demand still spiking, kidtech companies are hoping there’s still time to get in on the uncertain market.
“Kids smartwatches don’t have the best reputation. The German telecommunications regulator, Federal Network Agency, banned the sale of smartwatches aimed at children and urged parents to destroy the devices, describing them as spying tools.”
From the FTC. https://www.ftc.gov/news-events/blogs/business-blog/2019/04/i-dressup-data-security-mess
Kids love to play dress-up, but parents wouldn’t want them rummaging through the attic or climbing to the top shelf of the wardrobe without permission and proper supervision. The i-Dressup.com website offered users – including children – a virtual way to play dress-up and design clothes without those potential dangers. But according to an FTC complaint, Unixiz, Inc., the company behind i-Dressup, violated the Children’s Online Privacy Protection Act in ways that created different kinds of risks.
COPPA puts two separate sets of protections in place to help keep parents in control of personal information collected from their kids online. First, COPPA-covered companies must clearly disclose their information policies and get parental consent before collecting personal information from children under 13. Second, companies must provide reasonable and appropriate security for the data they collect. According to an FTC settlement, i-Dressup fell short on both COPPA requirements.
The complaint alleges i-Dressup failed to provide sufficient notice on its site of the information it collected online from kids, how it used it, its disclosure practices, and other specifics required by the COPPA Rule. The company’s direct notices to parents were deficient, too. Among other things, they didn’t include the COPPA-required statement that if parents don’t provide consent within a reasonable time, i-Dressup will delete their online contact information from its records. Stick with the story because that failure turned out to be particularly troubling.
In addition to letting users play online games, i-Dressup featured a community where they could “explore their creativity and fashion sense with unique personal profiles” and interact with others. To register, i-Dressup required people to submit a user name, password, birthdate, and email address. If the birthdate indicated the person was under 13, the email field changed to “Parent’s Email.” Once the under-13 user filled in the required fields and clicked “Join Now,” i-Dressup collected the personal information and sent a message to the address entered into the Parent’s Email field. The person receiving the email could consent by clicking the “Activate Now!” button.
However, if the parent didn’t give consent, i-Dressup retained the personal information it had collected from the child online. The FTC says the company’s failure to delete that information violated Section 312.5(c)(1) of the COPPA Rule.
In addition to violating COPPA’s parental consent provisions, i-Dressup allegedly violated the Rule’s data security requirements. According to the FTC, i-Dressup stored and transmitted users’ personal information (including passwords) in plain text. In addition, the company failed to perform network vulnerability testing of its network, even for well-known threats like SQL attacks; it didn’t implement an intrusion detection and prevention system; and it didn’t monitor for potential security incidents. The upshot? The company learned that a hacker had gained entry to its network and accessed information about 2.1 million users, including approximately 245,000 users who indicated they were under 13.
To settle the case, i-Dressup and its owners will pay a $35,000 civil penalty. They’re also prohibited from violating COPPA in the future, and can’t sell, share, or collect any personal information until they implement a comprehensive data security program and get independent biennial assessments. In addition, they’ll have to provide the FTC with an annual certification of compliance.
The message for sites and operators covered by COPPA is that an effective system of parental consent is only the first step toward compliance. Section 312.8 of the COPPA Rule also requires you to “establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.”
Online games and websites for kids are everywhere these days – to the point that it’s commonplace to see toddlers playing with them, too. And while the internet has positive ways for kids to explore and learn, privacy concerns are lurking. To help protect children’s privacy, the FTC enforces the Children’s Online Privacy Protection Act (COPPA), which requires websites and online services to get consent from parents before collecting personal information from kids younger than 13.
The Federal Trade Commission approved changes to a video game industry self-regulatory program aimed at ensuring compliance with the Children’s Online Privacy Protection Act (COPPA) Rule.
The Entertainment Software Ratings Board (ESRB) applied for approval of proposed modifications to its COPPA safe harbor program. The FTC’s COPPA Rule requires, among other things, that operators of commercial websites and online services directed to children under the age of 13, or general audience websites and online services that knowingly collect personal information from children under 13, must obtain parental consent before collecting, using, or disclosing any personal information from children under the age of 13. The FTC’s COPPA Rule includes a “safe harbor” provision that allows industry groups and others to ask the Commission to approve self-regulatory guidelines that implement the protections of the Rule. Companies that comply with an FTC-approved safe harbor program are exempt from agency enforcement action under the Rule.
Earlier this year, the FTC sought comment on ESRB’s proposed changes to its COPPA safe harbor guidelines. For example, ESRB proposed changes to its definition of “personal information and data” in light of recently issued Commission guidance about collection of audio recordings.
The FTC received five comments from individuals and consumer advocates. For example, the Campaign for a Commercial-Free Childhood and the Center for Digital Democracy jointly recommended changes to ESRB’s proposal. Among their recommendations was that ESRB retain language from the existing program that defines street-level geolocation information as personal information and data, and include language that would make it a requirement – instead of a suggestion – to limit collection of “personal information and data.” Another commenter, the Electronic Privacy Information Center, called for other changes, including asking that the Commission reject a proposed change that would narrow ESRB’s definition of “child/children” to only U.S. residents. The revised guidelines approved by the Commission include a number of changes to address issues identified by commenters.
The Commission vote to approve the changes to ESRB’s COPPA safe harbor program was 5-0.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.
Buckling up in the car is a precaution parents take to protect themselves and their children. When it comes to the Children’s Online Privacy Protection Act, navigating the rules of the COPPA Road helps protect your business and the kids who visit your website or use your online service. Most companies are familiar with COPPA’s mandate to get parental consent up front before collecting personal information from children under 13. But there’s another requirement farther down the COPPA Road that some businesses may not know about.Read more >