LOGO

OpenX FTC Fine: Location Data Collection on Children

December 16, 2021
Topics:Advertising TechAndroidcaliforniacoppaFederal Trade Commissiononline advertisingOpenXPrivacyprivacySecuritysocial issues
OpenX FTC Fine: Location Data Collection on Children

OpenX Settles FTC Allegations Regarding Children’s Privacy

OpenX, a company specializing in advertising technology, has agreed to a $2 million payment to the U.S. Federal Trade Commission (FTC) to resolve accusations of violating federal regulations concerning children’s online privacy.

COPPA Violation Allegations

The FTC filed a complaint in the U.S. District Court for the Central District of California. This complaint asserts that OpenX contravened the Children’s Online Privacy Protection Act (COPPA) by gathering personal information from individuals under the age of 13 without securing parental permission.

The company, headquartered in California, is further accused of intentionally collecting data from numerous applications designed for children, toddlers, and preschool-aged learners.

Data Collection and Transmission

This collected data – encompassing precise location details, IP addresses, and unique device identifiers – was then reportedly transmitted to third parties.

These third parties subsequently utilized the information for the purpose of delivering targeted advertising.

Scale of Data Collection

According to the complaint, OpenX processed a substantial volume of ad requests originating from apps aimed at children. Millions, potentially billions, of bid requests containing children’s personal information were transmitted.

Additional FTC Act Violation

Beyond the COPPA breach, the FTC alleges that OpenX violated the FTC Act. This violation stems from allegedly false claims regarding its data collection practices.

Specifically, OpenX purportedly stated it did not collect granular location data from users who opted out, despite continuing to gather such data from certain Android users even after they had explicitly declined location tracking.

FTC Response

“OpenX surreptitiously gathered location data and facilitated widespread privacy breaches, including those impacting children,” stated Samuel Levine, director of the FTC’s Bureau of Consumer Protection.

“While operating in the background, digital advertising intermediaries are still subject to legal constraints.”

Settlement Details and Financial Adjustments

FTC Commissioner Noah Joshua Phillips revealed that the initial proposed penalty was $7.5 million. However, this amount was reduced to $2 million due to OpenX’s documented financial limitations.

The settlement mandates the deletion of all collected ad request data used for targeted advertising. Furthermore, OpenX is required to establish a comprehensive privacy program to ensure full compliance with COPPA.

OpenX’s Response

OpenX has not yet issued an immediate response to requests for comment.

However, in a blog post addressing the settlement, the company characterized the data collection as an “unintentional error”.

An internal review indicated that “over 99% of domains and apps were appropriately categorized.”

Future Compliance Measures

“We have examined and strengthened our policies and procedures to guarantee complete COPPA compliance,” the company stated.

“We will continue to employ rigorous qualitative and quantitative criteria to assess the suitability of websites and applications for inclusion in our exchange.”