Verizon Dinged Again For Privacy Violations, This Time For Slinging Personalized Ads To Kids
from the what-privacy-law? dept
Oh Verizon. For years we've noted how the company's consumer privacy practices are utterly abysmal. Like that time in 2016 when Verizon was fined a relative pittance by the FCC for modifying user wireless packets so it could covertly track users around the internet (beyond cookie, clickstream, or even deep packet inspection data). This being Verizon, it didn't bother to tell anybody that this was happening. As a result, it took two years for security researchers to even notice what the company was up to, and another six months of media yelling before the company was willing to even let consumers opt out of the data collection.
Fast forward to this week, and Verizon has been busted once again on the privacy front, this time for slinging behavioral advertisements at kids in violation of the Children’s Online Privacy Protection Act (COPPA). According to an announcement by acting New York Attorney General Barbara Underwood, Verizon's Oath operations (the mash up of its Yahoo and AOL acquisitions) routinely auctioned off ad space and placed ads on websites the company knew targeted kids -- without parental consent. As a result, Verizon's being hit with the biggest fine in the history of COPPA:
"The Attorney General’s Office found that AOL conducted billions of auctions for ad space on hundreds of websites the company knew were directed to children under the age of 13. Through these auctions, AOL collected, used, and disclosed personal information from the websites’ users in violation of COPPA, enabling advertisers to track and serve targeted ads to young children. The company has agreed to adopt comprehensive reforms to protect children from improper tracking and pay a record $4.95 million in penalties, the largest penalty ever in a COPPA enforcement matter in U.S. history."
But much like the company's fine for its earlier scandal, the fine itself is likely a small fraction of the money made during the time AOL spent intentionally turning a blind eye as behavior ads were aimed at kids and kid-frequented websites. The AG's report notes that until late last year (presumably as a result of realizing the AG inquiry existed), AOL's systems ignored any information that it received from an ad exchange indicating that the ad space was subject to COPPA, so the website routinely ignored the law in general. It's worth noting that the full settlement has not yet been released.
There's no indication from the NY AG (I've reached out for more detail) how long this was going on, but it's fairly obvious the income AOL made from ignoring COPPA (there were 1.3 billion auctions of display ad space) outweighs any penalty it's facing, however historic. COPPA is one of the few privacy regulations currently in place, and even then, Verizon/AOL/Oath's decision to just ignore the law speaks pretty broadly as to how even the privacy laws we do have are inconsistently enforced. Especially when we're talking about deep-pocketed telecom giants, who have openly flirted with the idea of charging users even more money for privacy without regulators so much as batting an eye.
As we sit down and begin the long, difficult conversation about what a real internet-era privacy law should look like, the lion's share of the focus remains (quite justly given the Cambridge Analytica scandal) on Facebook. But it can't be understated how the telecom industry has historically been even worse -- especially given they're effectively bone-grafted to the nation's intelligence surveillance apparatus. That these are the companies that will have the biggest impact on the crafting of privacy laws should terrify anyone interested in getting meaningful privacy legislation right.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: barbara underwood, coppa, new york, parental consent, privacy, targeting kids
Companies: aol, oath, verizon, yahoo
Reader Comments
Subscribe: RSS
View by: Time | Thread
And herein lies the heart of the problem. As long as the penalties for such violations can be written off as "the cost of doing business," companies will continue to do business in this way.
A modest proposal for fixing it: The Crime Does Not Pay Act. (Because laws apparently need cool, memorable names these days.) Any business caught willfully breaking the law in pursuit of profit shall be fined a minimum of 100% of the gross income brought in by their unlawful dealings.
[ link to this | view in thread ]
Re:
Five million is a pittance of an investment when it returns several billion.
The problem is the way Tort Law is set up. Damages have to be *proven* to set an Award Amount in most cases. Of course there are exceptions - the $10 million Jury award to the woman who didn't think her McDonalds coffee would be hot being the most obvious.
But that was a single-instance case, before a jury, which means there was a lot of emotion invested in the award.
You just don't see that in something like this - which Verizon has been caught at multiple times. It usually doesn't even make it to a courtroom. Their lawyers talk to government lawyers, hyperbole abounds, then an "agreement" is hammered out, almost always resulting in a pittance of a fine (compared to benefits gained) and a promise not to do it again.
[ link to this | view in thread ]
Re: Re:
I'd like to take issue with a claim in your comment, namely
That is a very strange way to describe the case. First off, it was 2.9 Million when the jury ruled, however the judge decided the punitive damages were excessive and in the final verdict result was $640,000, a bit less then described.
She only sued when Mcdonalds refused to pay for medical expenses from 3rd degree burns suffered from Coffee served at temperatures that could cause burns in approximately 2 seconds, and was significantly above what other restaurants served to go coffee at (about 20 degrees). Approximately $20,000 was what she asked for.
McDonalds had been settling claims for years about its overly hot coffee, paying out claims in excess of $500,000 for similar claims. The cups were often over filled, making the process of adding cream and sugar (while parked) a dangerous one (its part of the reason Starbucks serves with space at the top of its cups, to allow them to be opened without issue).
She still had to prove damages. The jury established that McDonalds practices rendered them 80% responsible. The granted a $200,000 compensatory damages award (medical, legal, and other damages), which was knocked down to $160,000 (80%)
However, some torts can carry punitive damages, designed to punish and deter the behavior.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
I'm not telling it's the case here (closing Verizon) but it has to hurt their bottom lines otherwise why would they care?
[ link to this | view in thread ]