FTC Announces $2 Million Settlement with Ad Exchange Over Alleged COPPA Violations

On December 15, 2021, the Federal Trade Commission announced a $2 million settlement with OpenX Technologies (“OpenX”) in connection with alleged violations of the Children’s Online Privacy Protection Act Rule (“COPPA Rule”) and the FTC Act. According to the FTC’s complaint, OpenX knowingly collected personal information from children under age 13 without parental consent, and collected geolocation data from users of all ages who opted out of being tracked.

OpenX is an ad exchange that operates a real-time bidding (“RTB”) platform that sells ad inventory on participating websites and mobile apps. The FTC alleged that OpenX actively reviewed and identified hundreds of apps as “for toddlers,” “for kids,” “kids games,” or “preschool learning,” and included age ratings indicating that they were directed for children under 13. OpenX did not flag these apps and their data as being child-directed under COPPA, nor did it exclude the apps from participating in the company’s ad exchange. As a result, child users of these apps were improperly targeted with behavioral advertising.

The settlement levies a $7.5 million civil penalty, $5.5 million of which is suspended due to OpenX’s financial condition. In addition to the payment, OpenX will be required to delete all ad request data it collected to serve targeted ads to users of the child-directed apps and implement a comprehensive privacy program to ensure it complies with COPPA. The company also is required to review apps that participate in its ad exchange on a periodic basis to identify additional child-directed apps and ban them from participation, as well as keep track of which apps and websites have been banned or removed.