California-based online advertising platform OpenX Technologies, Inc. will pay $2 million to settle Federal Trade Commission allegations that it collected personal information from children under 13 without parental consent, a violation of the federal Children’s Online Privacy Protection Act Rule (COPPA). The FTC also alleged OpenX collected geolocation information from users who specifically asked not to be tracked.
OpenX operates a real-time bidding platform that monetizes websites and mobile apps by selling ad space. COPPA requires that websites, apps, and online services that are child-directed or knowingly collect personal information from children notify parents and get their consent before collecting, using or disclosing personal information from children under 13. “OpenX secretly collected location data and opened the door to privacy violations on a massive scale, including against children,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Digital advertising gatekeepers may operate behind the scenes, but they are not above the law.”
OpenX passed this personal data to third parties that used it to target ads to users of the child-directed apps, the FTC says. Also, OpenX falsely claimed that it did not collect geolocation from users who opted out of such data collection, according to the complaint. “In fact,” the FTC alleged, “OpenX did continue to collect geolocation data from some Android mobile phone users even after they specifically chose not to have such location tracking data collected.”
In addition to paying $2 million, OpenX must delete all data it collected to serve targeted ads, implement a comprehensive privacy compliance program, and stop collecting and retaining personal data of children under 13. The DOJ filed the complaint and final order on behalf of the Commission in the U.S. District Court for the Central District of California, Western Division.