Pixalate’s Allison Lefrak participates in 4A’s 'What’s Coming in 2022 with Safety, Privacy and COPPA Compliance in Advertising'

On Tuesday, March 29, 2022, Pixalate’s SVP of Public Policy and COPPA Compliance, Allison Lefrak, joined Alison Pepper of 4A’s and Mamie Kresses of CARU, for a webinar to discuss consumer privacy and COPPA (Children’s Online Privacy Protection Act) compliance in the programmatic advertising space.

The panelists discussed best practices for data privacy and interest-based advertising, lessons learned from the Federal Trade Commission’s recent COPPA enforcement actions, the future of COPPA Safe Harbor Programs and predictions for what’s in store for privacy regulation in 2022, particularly for children’s privacy.

You can view the full webinar on Pixalate’s YouTube page [LINK].

Here are some key points from the session:

Regarding the FTC’s $1.5 million settlement with Weight Watchers for violating COPPA, Allison Lefrak shared: 

• “The key takeaways from this settlement first of all, I think this case sent a very strong signal to the ad tech industry. It was a reminder of third party liability under COPPA. Even if your company is not consumer-facing you have obligations under COPPA”. 
• “I think the case also reminds companies to take a fresh look at what you're collecting periodically. And whether or not it's permissible for you to gather that data and to re-examine your business reasons for having that data on a regular basis.” 

Regarding children’s privacy, Lefrak continued:

• “Pixalate released a report which analyzed the nearly 400,000 child-directed apps in the app stores… We found that about 40% of child-directed apps can access some type of personal information. Over 5% of child-directed apps transmit personal information, including GPS and IP in the digital ads supply chain. We also found that there was a pretty large discrepancy between child-directed apps that had a detectable privacy policy with 12% of the child-directed apps in Google Play having no detectable privacy policy and numbers nearly two times that at 22% in the Apple App Store with no detectable privacy policy.”'

Mamie Kresses shared her thoughts about how the FTC will interpret third parties’ roles in potential COPPA violations:

• “I just want to caution you, as someone who also had worked at the FTC forever and worked on the COPPA rule for many, many years, I think, as we move forward, we are going to see the FTC taking a much closer look at third parties on collaborative arrangements between app developers websites and third party programming. Because almost every product has connections with other companies layered on top of each other in the offerings, hiding your head in the sand is not the way to go.”
• “Companies are also required to take additional steps on the back-end. It is critical to ensure that if the website or app doesn’t require parental consent or an age-gate, the app or website monitors the traffic to make sure there are no children.

Kresses on Proposed Legislation:

• “The KOSA [Kids Online Safety Act] bill would give parents the ability to set instant parental controls over their children’s devices and also default settings of these devices would be stricter. However, it is yet to be determined how it will look in detail and it’s worth paying attention to this bill.” 
• “Utah recently joined California, Virginia, and Colorado as the only states with privacy legislation that includes some reference to children or teens.” (MK)
• Pepper added, “Massachusetts being one of them for passing new laws and Massachusetts is different. So she's its privacy bill as drafted right now. It looks different than a database so I think there's still that possibility of other states passing privacy bills before the sessions run out in June.”

In relation to federal privacy law, Pepper remarked:

• “You can agree in principle that comprehensive privacy needs to pass but when you get down to the actual specifics of what that means for comprehensive privacy, it gets much harder… Those are sticking points around Federal preemption so federal law, well any federal privacy law, will preempt state laws…”

Pepper touched more on KOSA:

• “This ban surveillance advertising act… This is a pretty, pretty draconian bill. It really does what the title implies: they really want to go back… and really end all forums and targeted, or as they like to call it surveillance, advertising.”

Recommendations for the Ad Tech Industry to Improve Privacy Protections:

• “There's a lot of changes that are going on with privacy that will affect companies that operate in a multinational global environment. There does seem to be a growing set of thoughts, I think at least from what I'm seeing that there's an idea that we really need to diversify our portfolio. Of how we think about how we think about attribution, how we think about measure and how we think about targeting, how we think about audience acquisition, really to think about like, you know, what's the best mix of practices, right, we might have a really good way to do contextual here targeting might be best in this context.” (Alison Pepper)