Governance & Risk Management , Privacy , Standards, Regulations & Compliance

Privacy Advocates Criticize FTC's Google Settlement

Google to Pay $170 Million Fine for YouTube's Child Privacy Violations
Privacy Advocates Criticize FTC's Google Settlement
YouTube headquarters in San Bruno, California (Photo: Jm3 via Flickr/CC)

Google will pay a $170 million fine to settle allegations that its YouTube subsidiary illegally collected personal information about children without their parents' consent, according to the U.S. Federal Trade Commission.

See Also: The Ultimate PIA and DPIA Handbook for Privacy Professionals

But some children's right groups and members of Congress say the penalty is far too low.

U.S. Sen. Josh Hawler, R-Mo., who has been increasingly critical of large technology companies for profiting from users' data, ripped the agreement in a tweet, arguing that the FTC has not done enough to ensure privacy.

The fine levied against Google comes a little over a month after the FTC fined Facebook $5 billion for misusing its users' data in violation of a 2012 agreement (see: It's Official: FTC Fines Facebook $5 Billion). That agreement also was criticized by privacy advocates and several politicians (see: Lawmakers, Privacy Advocates Slam FTC's Facebook Settlement).

Children's Privacy

On Wednesday, the FTC announced that it voted 3-2, with the three Republicans appointees voting for and the two Democrats voting against, to fine Google and its YouTube subsidiary. Google will pay $136 million to the FTC and $34 million to the New York Attorney General's Office, which also brought a complaint against YouTube in this case.

The case stems from allegations that YouTube violated the Children's Online Privacy Protection Act, a 1998 law that places parents in control over what information is collected from their young children online.

The FTC and the New York attorney general charged that YouTube used persistent identifiers or cookies to track children across the internet after they looked at various video channels created specifically for children, according to the complaint. Google and YouTube then made millions of dollars targeting ads to these children, the FTC says.

(Image: FTC)

Under the Children's Online Privacy Protection Act, companies need to get parents' permission to track children under the age of 13 with cookies and other identifiers, according to the complaint.

Wednesday's settlement is the largest fine the FTC has levied against a company for violating the Children's Online Privacy Protection Act, the commission announced.

"YouTube touted its popularity with children to prospective corporate clients," FTC Chairman Joe Simons says. "Yet when it came to complying with COPPA, the company refused to acknowledge that portions of its platform were clearly directed to kids. There’s no excuse for YouTube’s violations of the law."

As part of the agreement, YouTube must now require the owners of these child-oriented channels to properly identify content so that no targeted ads are used. The company must also get parent's permission before collecting and sharing children's data, according to the agreement.

"Starting in about four months, we will treat data from anyone watching children's content on YouTube as coming from a child, regardless of the age of the user," YouTube CEO Susan Wojcicki says in a blog post. "This means that we will limit data collection and use on videos made for kids only to what is needed to support the operation of the service. We will also stop serving personalized ads on this content entirely, and some features will no longer be available on this type of content, like comments and notifications."

FTC Commissioner Blasts Settlement

FTC Commissioner Rebecca Kelly Slaughter, a Democrat, said in a Wednesday statement that the agreement did not go far enough and left enough room for Google to continue to profit from targeting children with ads.

Several privacy advocates and members of Congress agreed.

"Merely requiring Google to follow the law, that’s a meaningless sanction," Jeffrey Chester, the executive director of the nonprofit Center for Digital Democracy, told the New York Times.

U.S. Sen. Ed Markey, D-Mass., argues that the FTC should have issued a "colossal" fine against Google that's more in line with the company's profits. In the second quarter of this year, Google's parent company Alphabet reported a profit of nearly $10 billion, according to the Associated Press.

"The FTC should have issued a colossal fine that fits Google’s crime and demanded that Google make significant structural changes to their business practices for the sake of the millions of children who use Google every day," Markey said.

But Chris Pierson, CEO of concierge cybersecurity firm BlackCloak, argues that the penalty in this case is enough to bring awareness to the situation and prompt companies to be more transparent.

"Privacy and cybersecurity must be baked into products before they go to market and the awareness must be there of those consumer options," Pierson tells Information Security Media Group. "However, fines and other penalties must be rational to bring about awareness and change as opposed to crippling fines that limit progress."


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.