ALERT: Google’s Plan to Open Its Services to Children Could Spur Changes to COPPA Enforcement
Recent reports indicate that Google is developing a program that would allow children under the age of 13 to obtain accounts on Google services such as Gmail and YouTube. The Wall Street Journal recently reported that “Google is trying to establish a new system that lets parents set up accounts for their kids, control how they use Google services and what information is collected about their offspring… Google wants to make the process easier and compliant with the rules.” These accounts would allow children under the age of 13 to create their own Gmail accounts and access child-friendly YouTube channels. Google currently employs an age-neutral verification mechanism, where account creators are simply asked to identify the day, month, and year of their birth (as opposed to, for example, directly asking “are you 13 or older?”). The idea here is to not “tip off” account creators that age may be a limitation to one’s ability to open a Google account. Google also uses cookies during the account creation process to guard against people simply reverting their browsers to enter a different birthday to gain access and, ultimately, create an account.
Google’s reported change in its stance on allowing children to create accounts is a dramatic shift and undoubtedly reflects the undeniable fact that children are active users of the Internet-- a fact that cannot be denied or thwarted by even highly sophisticated age-gating measures. Google is not alone. Every website and app operator is required to take very specific measures to guard against or enable children to use their websites and apps in accordance with myriad regulations.
The controlling regulation here is the FTC’s Children’s Online Privacy Protection Act (“COPPA”), which we at InfoLawGroup have addressed in earlier blog postings and advise clients on a regular basis. In order to comply with COPPA, any website operator, including Google, requires children under the age of 13 to obtain “verifiable parental consent” before they can provide any personally identifying information (“PII”) to website operators.
In 2013, the FTC issued new rules and requirements that significantly broadened the scope of PII to include IP addresses, physical locations, and photographs. The expanded COPPA rules also cover ad networks and plug-ins if the website operator has a reason to believe that a user is under the age of 13. Additionally, the updated COPPA rules covers “persistent identifiers” that recognize a user over a period if time if used for purposes other than “support for internal operations” (e.g., tracking the number and frequency of users of a website or app, as opposed to using PII for personally-directed services, such as behavioral, targeted advertising).
Given the recent amendments to COPPA, it will be interesting to see how Google addresses its purported plan to increase dramatically the scope of its offerings to children under the age of 13. This is especially true in light of Google’s heavy reliance on advertising revenue as a source of revenue. Google’s reported move reflects the inevitable-- that children are using the Internet, regardless of age-verification methods website operators currently employ.
Undoubtedly, Google’s reported move could pave the way for greater insight as to how to be COPPA-compliant in the burgeoning Internet realm. Also, given Google’s goliath presence online, the FTC will undoubtedly be on high watch. The protection of children’s privacy has always, and will continue to be, a key issue on the FTC’s radar. As always, InfoLawGroup will be monitoring the FTC’s evolving stance on COPPA and what transpires with Google’s anticipated move to open its services to children under the age of 13.