OpenX Technologies settled a complaint alleging that it violated the federal children’s privacy protection law.
The Federal Trade Commission (FTC) investigated OpenX and found that it failed to comply with the Children’s Online Privacy Protection ACT Rule (COPPA Rule) The California-based online advertising platform collected the personal information of children below 13 years old without parental consent.
Additionally, the FTC found that the company failed to flag child-directed apps that participated in the OpenX ad exchange. The company also passed children’s personal data to third parties that used child-directed apps to target ads for users. Its practices is a direct violation of the COPPA Rule.
The U.S. Department of Justice (DOJ) on behalf of the Commission sued OpenX for violating the COPPA Rule and the FTC Act by falsely claiming that it did not collect geolocation from users who opted out of such data collection.
According to the FTC, a $7.5 million civil penalty was entered against OpenX as part of a stipulated order to settle the case. It must pay $2 million to the Commision and the remaining monetary judgment will be suspended based on its financial situation.
The suspension of the judgment will be lifted if OpenX failed to disclose any material asset or misstated the value of any asset or made any material misstatement or ommission in the Financial Attestation.
In addition,the order required OpenX to delete all ad request data it collected to target ads. The company must also implement a comprensive privacy program to ensure its compliance with the COPPA Rule. It must also stop collecting and retaining personal data of children under 13.
In a statement, FTC Bureau of Consumer Protection Director Samuel Levine said, “OpenX secretly collected location data and opened the door to privacy violations on a massive scale, including against children. Digital advertising gatekeepers may operate behind the scenes, but they are not above the law.”