Privacy

The FTC’s Google/YouTube Settlement Lacks Teeth to Deter Continued Children’s Privacy Violations

Statement by Susan Grant, Director of Consumer Protection and Privacy

Washington, D.C. Once again the Federal Trade Commission (FTC) has entered into a too-weak settlement with a major tech company for violating consumers’ privacy. In July it was Facebook, and now another behemoth in the commercial surveillance ecosystem has been let off easy with a relatively low fine and insufficient changes to its business practices.

Google not only failed to prevent behavioral marketing to children on YouTube, the second-most popular website in the world, but actively discouraged content creators from turning off behavioral advertising because it would result in less revenue for them – and by extension, for Google. YouTube’s ad revenues in the US alone are estimated at nearly $4 billion last year, making the $170 million fine in this case simply a cost of doing business, not an effective deterrent.

Even more disturbing, while Google and YouTube have agreed to require content creators to designate videos they wish to upload as child-directed or not, and not to serve behavioral advertising or track persistent identifiers for videos that are designated as child-directed, Google and YouTube are not required to actually police their platform to ensure that appropriate designations are actually being made. This lack of accountability is inexcusable, especially since the FTC has a clear authority under the Children’s Online Privacy Protection Act to enforce children’s privacy rights. It’s like having a school playground with no one responsible for watching the kids and making sure the equipment is safe.

We agree with the dissenting opinions of FTC Commissioners Chopra and Slaughter that this simply is not a good-enough outcome for parents or kids. The FTC’s failure to take meaningful action, even when it has a specific mandate to do so, is one reason why Consumer Federation of America and many other groups are calling for a new US Data Protection Authority.