New York AG Concludes “Operation Child Tracker”; Companies Agree to Penalties Totaling $835,000 For COPPA Violations

The New York Attorney General recently concluded its COPPA compliance investigation, “Operation Child Tracker,” and announced Viacom, Mattel, Hasbro, and JumpStart will pay a total of $835,000 in fines for various violations of the Children’s Online Privacy and Protection Act (COPPA). COPPA provides a right of action for the FTC, as well as state attorneys general. The New York AG undertook a two year compliance investigation of many popular children’s website. Following its investigation, it concluded Viacom, Mattel, Hasbro, and JumpStart were engaged in tracking children online in violation of COPPA.

Specific COPPA violations detailed in the settlements included integrating Facebook plug-ins allowing tracking by Facebook without notifying Facebook that the website where the plug-in was placed was subject to COPPA; allowing OBA trackers to piggyback on site maintenance trackers; allowing behavioral trackers on mixed audience webpages; and inadvertently introducing e-commerce tracking technology on child-directed, non-ecommerce portions of a website.

As part of the settlement agreement obligations, each company agreed to comprehensive reforms. These include conducting regular electronic scans of company websites, adopting comprehensive procedures for vetting third party trackers before they are introduced on COPPA-covered webpages, providing notice to third parties that collect or use personal information to enable them to know which webpages are subject to COPPA. Of note, Hasbro participates in an FTC-approved COPPA safe harbor program so it will not have to pay a penalty. However, the safe harbor program relies upon full and accurate disclosure of the website operator’s practices and Hasbro failed to disclose the existence of retargeting tracking on certain child-directed webpages. As such, Hasbro will undertake the compliance obligations set forth above.

TIP: Under COPPA, website operators are strictly liable for all information collection and tracking on child-directed webpages. To help website operators avoid running afoul of COPPA, operators should thoroughly vet all parties that they allow to track on their websites and should take steps to monitor their sites for unexpected third party tracking.