Verizon Dinged Again For Privacy Violations, This Time For Slinging Personalized Ads To Kids
from the what-privacy-law? dept
Oh Verizon. For years we’ve noted how the company’s consumer privacy practices are utterly abysmal. Like that time in 2016 when Verizon was fined a relative pittance by the FCC for modifying user wireless packets so it could covertly track users around the internet (beyond cookie, clickstream, or even deep packet inspection data). This being Verizon, it didn’t bother to tell anybody that this was happening. As a result, it took two years for security researchers to even notice what the company was up to, and another six months of media yelling before the company was willing to even let consumers opt out of the data collection.
Fast forward to this week, and Verizon has been busted once again on the privacy front, this time for slinging behavioral advertisements at kids in violation of the Children?s Online Privacy Protection Act (COPPA). According to an announcement by acting New York Attorney General Barbara Underwood, Verizon’s Oath operations (the mash up of its Yahoo and AOL acquisitions) routinely auctioned off ad space and placed ads on websites the company knew targeted kids — without parental consent. As a result, Verizon’s being hit with the biggest fine in the history of COPPA:
“The Attorney General?s Office found that AOL conducted billions of auctions for ad space on hundreds of websites the company knew were directed to children under the age of 13. Through these auctions, AOL collected, used, and disclosed personal information from the websites? users in violation of COPPA, enabling advertisers to track and serve targeted ads to young children. The company has agreed to adopt comprehensive reforms to protect children from improper tracking and pay a record $4.95 million in penalties, the largest penalty ever in a COPPA enforcement matter in U.S. history.”
But much like the company’s fine for its earlier scandal, the fine itself is likely a small fraction of the money made during the time AOL spent intentionally turning a blind eye as behavior ads were aimed at kids and kid-frequented websites. The AG’s report notes that until late last year (presumably as a result of realizing the AG inquiry existed), AOL’s systems ignored any information that it received from an ad exchange indicating that the ad space was subject to COPPA, so the website routinely ignored the law in general. It’s worth noting that the full settlement has not yet been released.
There’s no indication from the NY AG (I’ve reached out for more detail) how long this was going on, but it’s fairly obvious the income AOL made from ignoring COPPA (there were 1.3 billion auctions of display ad space) outweighs any penalty it’s facing, however historic. COPPA is one of the few privacy regulations currently in place, and even then, Verizon/AOL/Oath’s decision to just ignore the law speaks pretty broadly as to how even the privacy laws we do have are inconsistently enforced. Especially when we’re talking about deep-pocketed telecom giants, who have openly flirted with the idea of charging users even more money for privacy without regulators so much as batting an eye.
As we sit down and begin the long, difficult conversation about what a real internet-era privacy law should look like, the lion’s share of the focus remains (quite justly given the Cambridge Analytica scandal) on Facebook. But it can’t be understated how the telecom industry has historically been even worse — especially given they’re effectively bone-grafted to the nation’s intelligence surveillance apparatus. That these are the companies that will have the biggest impact on the crafting of privacy laws should terrify anyone interested in getting meaningful privacy legislation right.
Filed Under: barbara underwood, coppa, new york, parental consent, privacy, targeting kids
Companies: aol, oath, verizon, yahoo
Comments on “Verizon Dinged Again For Privacy Violations, This Time For Slinging Personalized Ads To Kids”
And herein lies the heart of the problem. As long as the penalties for such violations can be written off as "the cost of doing business," companies will continue to do business in this way.
A modest proposal for fixing it: The Crime Does Not Pay Act. (Because laws apparently need cool, memorable names these days.) Any business caught willfully breaking the law in pursuit of profit shall be fined a minimum of 100% of the gross income brought in by their unlawful dealings.
Pretty much agreed on the violation side, but I don’t see it as “the cost of doing business”, but as a minor fee paid to return thousands of times as much.
Five million is a pittance of an investment when it returns several billion.
The problem is the way Tort Law is set up. Damages have to be proven to set an Award Amount in most cases. Of course there are exceptions – the $10 million Jury award to the woman who didn’t think her McDonalds coffee would be hot being the most obvious.
But that was a single-instance case, before a jury, which means there was a lot of emotion invested in the award.
You just don’t see that in something like this – which Verizon has been caught at multiple times. It usually doesn’t even make it to a courtroom. Their lawyers talk to government lawyers, hyperbole abounds, then an “agreement” is hammered out, almost always resulting in a pittance of a fine (compared to benefits gained) and a promise not to do it again.
Re: Re: Re:
I’d like to take issue with a claim in your comment, namely
That is a very strange way to describe the case. First off, it was 2.9 Million when the jury ruled, however the judge decided the punitive damages were excessive and in the final verdict result was $640,000, a bit less then described.
She only sued when Mcdonalds refused to pay for medical expenses from 3rd degree burns suffered from Coffee served at temperatures that could cause burns in approximately 2 seconds, and was significantly above what other restaurants served to go coffee at (about 20 degrees). Approximately $20,000 was what she asked for.
McDonalds had been settling claims for years about its overly hot coffee, paying out claims in excess of $500,000 for similar claims. The cups were often over filled, making the process of adding cream and sugar (while parked) a dangerous one (its part of the reason Starbucks serves with space at the top of its cups, to allow them to be opened without issue).
She still had to prove damages. The jury established that McDonalds practices rendered them 80% responsible. The granted a $200,000 compensatory damages award (medical, legal, and other damages), which was knocked down to $160,000 (80%)
However, some torts can carry punitive damages, designed to punish and deter the behavior.
Re: Re: Re: Re:
I took issue with that part as well… That kinda undermined his point when he used a case that is often recounted inaccurately due to the smear campaigns that followed it.
Re: Re: Re:
Exactly. If the worst possible fine is a tenth of your profits, breaking the law is just good business sense.
A corporation? Getting dinged? out_of_the_blue is going to be pissed…
No shit? Did you expect him to like it when due process is enforced?
While I agree that this is a small fine given the size of the company, I am glad that this five million will be levied, collected, and distributed to those children and families who were targeted and harmed.
I always feel the penalty is too soft for the size of the violations as mentioned in the article. Specially with environmental disasters. Companies should be dismantled depending on the seriousness of the violations and their managers arrested. Otherwise it’s just fireworks.
I’m not telling it’s the case here (closing Verizon) but it has to hurt their bottom lines otherwise why would they care?