Oath, the Verizon subsidiary born of the fusion of AOL and Yahoo, has agreed to pay $4.95 million to settle charges that it violated children privacy. It is the largest penalization ever to come from enforcement of the Children’s Online Privacy Protection Act (COPPA), according to the New York attorney general’s office.
The New York Times first reported yesterday that the Verizon-owned Oath had agreed to settle charges over its alleged COPPA violation. The state attorney general publicly confirmed the settlement in a release Tuesday morning.
According to the New York attorney general’s office, AOL used its ad exchange program to place targeted ads on hundreds of sites directed at users under the age of 13. It reportedly did so using visitors’ personal data, including geolocation and cookies. This would be a violation of COPPA, which requires companies to receive explicit permission from parents before collecting online information from children under 13 or ad-targeting children based on their online activity.
“COPPA is meant to protect young children from being tracked and targeted by advertisers online. AOL flagrantly violated the law—and children’s privacy— and will now pay the largest-ever penalty under COPPA,” said New York Attorney General Barbara Underwood in a statement. “My office remains committed to protecting children online and will continue to hold accountable those who violate the law.”
Responding to a request for comment from Gizmodo, an Oath spokesperson shared the same terse statement it gave the Times: “We are pleased to see this matter resolved and remain wholly committed to protecting children’s privacy online.”
According to the Times, settlement documents say that AOL auctioned ad space on kids’ platforms, collecting data from visitors, which it then shared with bidders. Examining the company’s practices from October 2015 to February 2017, the documents reportedly state that AOL regularly engaged in this activity even though AOL policies claimed using its ad exchange on kids’ platforms was prohibited.
Settlement documents state that an AOL account manager incorrectly told a client, Playwire Media, that AOL ad exchanges could be used in compliance with COPPA on numerous occasions, the Times reports. Playwire—which represents kids’ sites like Neopoets.com, Roblox.com, and Tweentribune.com—is said to have then used AOL’s ad exchange to put more than a billion ads on COPPA-protected spaces.
In addition to the $4.95 million penalty, Oath has agreed to create a COPPA compliance system and destroy the personal data the company collected from children, the New York attorney general’s office said.