Data Privacy
FTC and NY AG Obtain Record Settlement of Alleged COPPA Violations
By Jaclyn C. Weissgerber, Young Conaway Stargatt & Taylor, LLP
Google LLC and its subsidiary YouTube will pay a total of $170 million to the Federal Trade Commission (FTC) and the New York Attorney General (NY AG) to settle claims that YouTube violated the Children’s Online Privacy Protection Act, also known as COPPA. This settlement sets the record as the largest financial remedy for COPPA violations since COPPA was enacted in 1998; the prior record was $5.7 million.
COPPA requires that child-directed websites and online services provide notice and obtain parental consent before collecting personal information from children under age 13. In the complaint filed with the United States District Court for the District of Columbia, the FTC and NY AG alleged that YouTube, which marketed itself as a top web-destination for kids, violated COPPA because it did not properly notify parents and obtain their consent before collecting and using their children’s personal information. Specifically, the complaint alleged that YouTube collected “persistent identifiers” such as cookies that are used to track viewers over time and across websites, and used that data to deliver targeted ads to children, from which it earned millions.
Besides paying the $170 million penalty, YouTube has also agreed to create a system for the channels on its platform to identify child-directed content so that those viewers will no longer be tracked for advertising purposes, and to provide COPPA training to employees responsible for managing YouTube channels.
EU Court Holds Right to Be Forgotten Applies Only In EU
By Melissa Hall, MacRoberts LLP
On September 24, 2019, the European Court of Justice (Court) gave a landmark ruling which clarified the territorial reach of the ‘right to be forgotten’. The relevant case involved Google, and the French supervisory authority, CNIL. In high-level terms, the Court held that a search engine provider is not required to remove links to information in all versions of its search engine available worldwide when dealing with a right to be forgotten request. Instead, it is only required to remove links on the versions of its search engine intended for use in the EU member states, and to adopt measures to ensure the effective protection of individuals’ fundamental rights by preventing a user located in the EU from accessing the personal data through the search engine’s international domain names (e.g. geo-blocking). Though the decision was made under the former 1995 EU Data Protection Directive, it will have implications under the new General Data Protection Regulation (GDPR) also.
California Supreme Court Decision Could Force Changes in Website Practices
By John Ottaviani
In a case that may have far-reaching implications for commercial websites, the California Supreme Court recently lowered the bar for alleging standing in discrimination cases. In an unanimous opinion in White v. Square, Inc., No. S249248 (Cal. Aug. 12, 2019), the California Supreme Court held that a person who visits a business’s website with an intent to use its services, and who encounters terms or conditions that exclude the person from full and equal access to its services, has standing to sue under the state’s Unruh Civil Rights Act, with no further requirement that the person enter into an agreement or transaction with the business. In this case, the plaintiff is a bankruptcy attorney who, before agreeing to Square’s terms of service, discovered a provision prohibiting the service’s use by bankruptcy attorneys.
Although technically an occupation discrimination case, the decision has implications for websites, especially those subject to the California law, which may now be open to discrimination claims for various other practices, including inadequate accessibility or discriminatory website terms of use. If read broadly, the lower bar suggests that such websites may be vulnerable to class action lawsuits, as the plaintiffs will be able to demonstrate standing without having to enter into terms of use that often purport to shift the dispute venue to arbitration. Even if the defendants can ultimately prevail, such suits will be costly, which may force businesses to make their websites more accessible and terms of service less discriminatory in order to avoid such suits. It remains to be seen how broadly the case will be interpreted.