The US Federal Trade Commission has fined OpenX Ad Exchange $2 million for violating the Children’s Online Privacy Protection Act (COPPA Rule) which requires parental consent before collecting, using or disclosing children’s personal information.
OpenX Ad Exchange
OpenX is an automated ad exchange program that sells ads on more than 1,200 premium publishers and at least 50,000 mobile apps.
The FTC found that OpenX violated the FTC’s COPPA Act by trading in personal data collected from young children and other children under 13 and exposing children to behaviorally targeting advertising in violation of the COPPA rules.
United States government Written by the Federal Trade Commission Commissioner:
“OpenX misrepresented its data collection practices on two fronts: by collecting and transmitting location data when the consumer did not provide consent or explicitly refused consent; and by misrepresenting the activities and practices of the Children’s Online Privacy Protection Act.
The complaint also alleges that OpenX also violated COPPA itself, by collecting personal information from users of child-directed properties without providing parents notice and then obtaining consent.
… Part XI of the Order requires OpenX to email all of its “claimed” customers and inform them that OpenX … has failed to comply with the Children’s Online Privacy Protection Act (COPPA) by allowing certain applications directed at children to participate in Ad Exchange, despite its policy of banning child-oriented apps from sharing.
As a result of this alleged failure, targeted advertisements were served to some children without parental notice and consent.”
What OpenX revealed on this score is the fact that they advertise their ad exchange as having human reviewers who check the quality of the traffic.
“According to OpenX, it has the only Traffic Quality team in the industry that performs a human review of every site to ensure compliance with OpenX policies and accurate subject matter classification of all websites and applications for the benefit of its demand-side partners.”
OpenX
OpenX is an automated ad exchange company that provides ad serving technology to place ads on websites and offers real-time bids to place those ads.
One of the founders of OpenX is Tim CadoganSenior Vice President of Global Advertising Markets at Yahoo and is now CEO of GoFundMe.
Children’s Online Privacy Protection Act (COPPA)
The Children’s Online Privacy Protection Act is designed to give parents control over the types of data that is collected about their children.
The rules apply to websites directed at children and sites that you know collect information from children.
Websites directed at young children and children under the age of 13 must have parental permission.
COPPA’s full requirements are listed in the FTC.
The FTC accuses OpenX of selling ads to children
According to the FTC, OpenX intentionally sold ad space on children’s apps to advertisers without reporting that ads were served on apps that were directed to toddlers and other children.
The reason the FTC states that OpenX intentionally sold ads to children is because OpenX markets their ad exchanges as human reviewers as well as automated reviews.
According to the FTC announcement:
The FTC investigation found that OpenX reviewed hundreds of apps directed at children with terms that defined the target audience as “toddlers,” “for kids,” “games for kids,” or “preschool learning,” and included age ratings for the apps noting It is intended for children under the age of 13.
These apps and their data were not flagged as directed at children and participated in the OpenX ad exchange, according to the Federal Trade Commission (FTC).
Because OpenX knew that the apps in the ad exchange were directed to children and that the company was collecting personal information from children under 13, the FTC alleged that it violated the COPPA rule.
OpenX passed this personal data to third parties that used it to target advertisements to users of apps directed at children.”
OpenX violates users’ geolocation preferences
In addition to selling ads to young children, OpenX also sells ads based on a site visitor’s geographic location even though they have opted out of geotargeting.
According to the FTC, the breach occurred for users who opted out of geolocation tracking on Android phones.
The Federal Trade Commission stated:
According to the complaint, OpenX violated FTC law by falsely claiming that the company did not collect geolocation from users who opted out of data collection.
In fact, the FTC alleged, OpenX continued to collect geolocation data from certain Android mobile phone users even after they specifically chose not to collect such location tracking data.
quotes
Read the FTC OpenX Fine announcement
Read the Children’s Online Privacy Protection Rule
https://www.ecfr.gov/current/title-16/part-312
Read the corresponding statement from FTC Commissioner Phillips
Concurrent statement by Commissioner Noah Joshua Phillips (PDF)
