KidAware Bulletin - January 2022

FTC Happenings: COPPA Case, New Guidance, and Safe Harbor Scrutiny

At the end of 2021, the Federal Trade Commission (FTC) announced a $2 million settlement with OpenX Technologies (OpenX) for knowingly collecting children’s personal information without obtaining parental consent, in breach of COPPA. Apparently, OpenX allowed kids’ apps and websites to participate in its online ad exchange, and failed to flag them as child-directed (even though the company claimed to manually review its publishers for this purpose).

The FTC found that hundreds of apps using the platform were directed to children under 13, based on both the age ratings and the app descriptions, which used terms such as “kids,” and “preschool”. As a result of OpenX failing to flag these services, child users were inappropriately targeted with behavioral advertising, which contravened OpenX’s privacy policy. The complaint also alleged that the company’s privacy policy misrepresented that consumers could opt out of location data collection, when in fact OpenX continued to track users’ geolocation even after they had opted out, in a breach of the FTC Act.

The settlement indicates that the FTC is prepared to hold companies accountable for complying with their privacy policies and promises. The FTC shared a blog post where it called out the “often invisible” ad tech industry and explicitly highlighted its responsibility. Commissioner Phillips released a concurring statement cautioning the FTC against unintentionally discouraging human review.

The FTC then kicked off 2022 with a settlement with Fashion Nova for suppressing customer reviews, which it quickly followed up with the release of two new guidance documents — one for websites and platforms that collect, moderate and publish reviews and the other for marketers who may solicit or pay for reviews of their own products or services. It appears that the FTC is following through on its promise to crack down on misleading endorsements (as signaled by its Notice of Penalty Offenses last year).

Meanwhile, the FTC’s COPPA Safe Harbors continue to face scrutiny, five months after Aristotle was removed from the list of self-regulatory organizations. Safe Harbor programs are meant to ensure participants provide substantially the same or greater protections for children’ as those detailed in the COPPA Rule. A pair of Democrat House representatives sent letters to all the Safe Harbor organizations to request more information about their adherence to program standards. It is widely expected that the FTC’s current review of the COPPA Rule will lead, among other things, to changes designed to strengthen the Safe Harbor program.

Targeted advertising under fire

Behaviorally targeted advertising has been in the crosshairs for amassing too much personal data for some time now. Many solutions have been proposed including a cookie-less future, like that promised by Google’s FLoC, which would enable advertisers to target cohorts of users based on their interests rather than individuals.

However, after privacy groups voiced concern that FLoC could still be used to target users individually, and regulators began to investigate whether the whole plan would simply further entrench Google’s dominance in the ad market, Google scrapped its plans. The company instead proposed a new approach – the Topics API, a way for advertisers to target consumers based on a limited number of interest categories derived from their browsing history. Topics would still eliminate cookies, but privacy advocates and Google’s competitors still aren’t yet convinced on the proposal. For more information, eMarketer made a helpful summary of the issues.

Lawmakers, though, have grown impatient and mistrustful of Big Tech. Taking matters into their own hands, Democrats recently unveiled the Banning Surveillance Advertising Act. The bill would prohibit ad networks and intermediaries from using personal data to target ads (with some exceptions) and from targeting ads based on protected information like race or religion. While new state privacy laws in California, Virginia and Colorado have focused on giving consumers choices over use of their data for advertising purposes, this legislation would prohibit it entirely. This would be a drastic change so it’s unsurprising that industry groups like the IAB oppose it.

The European Parliament voted in favor of similar legislation — its version of the Digital Services Act (DSA) would prevent Big Tech from using sensitive information for targeted advertising, and would ban behaviourally targeted advertising to children altogether. The law would also encourage platforms to remove illegal content and require easy opt-out of tracking for users. Although the DSA now enters a phase of negotiations known as the ‘political trilogues’, if passed, its effects on the advertising and digital content industries would potentially be as far-reaching as the GDPR.

Big Tech continued to be under legal scrutiny

Meta is in the news over child safety concerns, this time over its Oculus Quest 2 (rebranded since to Meta Quest). The UK’s Information Commissioner’s Office (ICO) announced that it is planning “further discussions” with the social media giant to learn about the device’s compliance with the Age-Appropriate Design Code (Children’s Code). The UK’s new commissioner hopes to push for large-scale change in how tech companies operate, even outside of the UK’s borders, by playing “a leadership role in the digital economy”.

Back in the US, the FTC is also reportedly investigating Meta’s VR division. Since Oculus is seen as an integral part of Meta’s ambitions to lead the metaverse, child advocacy groups like the NSPCC have suggested that Zuckerberg is “not committed to building in safety from the outset.”

Meta is also being sued by parents alleging that Facebook profited off children’s personal data including biometric data. The complaint suggests that Facebook benefited from ‘harvesting’ the images of 285m children that were posted on Facebook.

In other news, Google has come under criticism for poor enforcement of its ad policy for children. Reuters reportedly found ads for sex toys, liquor, and high-risk investments that should have been blocked under Google’s efforts to comply with UK’s Age-Appropriate Design Code. Alphabet Inc. (Google’s parent company) said that it would seek to immediately improve its advertising policy.

In a win for Big Tech, Apple defeated a lawsuit that alleged that ‘loot boxes’ are akin to illegal slot machines, prohibited by California law. The plaintiff sued Apple for hosting a game that included loot boxes in its Apple App Store but the court dismissed the suit for both a lack of standing as well as on the merits that it did not believe ‘loot boxes’ were akin to gambling devices.

With so much social media controversy, the Association of National Advertisers (ANA) and its members have begun wrestling with the idea of an industry self-regulatory body to handle social media issues.

In other news:

The UK’s Advertising Standards Authority (ASA) issued a ruling on Mondelez UK Ltd. after receiving several complaints that an ad for Dairylea condoned unsafe behavior that could be dangerous for children to imitate. The ad featured two young children eating whilst hanging upside down from a football goal. The ASA upheld the complaint on the basis that although eating the food in this ad may not have been problematic, kids may see the ad and try to emulate it with other foods, creating a risk of choking. The ASA also recently announced that it will be taking out ads against non-compliant influencers on Instagram, alerting consumers to their failure to follow the rules.

Snapchat is adding a new safeguard to help ensure young users only connect with people they know in real life. Snapchat is changing its “Quick Add” friends suggestion so that it is impossible to add users under 18 unless there are a certain number of friends in common.

The Children’s Advertising Review Unit (CARU) has begun enforcement for compliance with its new, updated Guidelines. The revised guidelines went into effect on January 1, 2022. While the core principles remain the same, updates address the evolving nature of advertising in areas such as influencer marketing and mobile apps. The updated guidelines also highlight the importance of diversity and inclusion in advertising.

UK lawmakers are hoping to further strengthen the draft Online Safety Bill. Since the draft’s release in May, lawmakers have been studying the bill and collecting evidence from a range of stakeholders as well as Big Tech executives about their thoughts. The lawmakers have now published recommendations, including adding new offenses that would criminalize activity such as encouraging self-harm, or sending unwanted nude phot

Warm wishes,
Katie Goldstein
Global Head of KidAware

FTC Happenings: COPPA Case, New Guidance, and Safe Harbor Scrutiny

Targeted advertising under fire

Big Tech continued to be under legal scrutiny

In other news:

Related articles

SuperAwesome Joins Tech Nation’s Future Fifty: A Milestone Moment for Our Mission and Team

Navigating Youth Privacy Regulation in 2025: What Brands Need to Know

Leading the Way: Celebrating our Female Trailblazers | Spotlight on Fade Chuck

Leading the Way: Celebrating our Female Trailblazers | Spotlight on Sheenagh Rogers

Leading the Way: Celebrating Our Female Trailblazers | Spotlight on Emily Rowbotham

Leading the Way: Celebrating Our Female Trailblazers | IWD 2025 with Kate O’Loughlin