In light of the three-high profile class action lawsuits this month alleging leading companies, including Disney, Viacom and Unity are in violation of COPPA (The Children’s Online Privacy Protection Act), it is important to look a little deeper and try to highlight both sides of the story.
Disney is accused of illegally tracking children in some of their apps. The San Francisco mom who is suing Disney and others in a proposed class action in California Federal Court, claims an advertising-specific software development kit is surreptitiously embedded in the code for the app, and that's how Disney is collecting personal information and tracking online behavior.
Interestingly, it may be possible that Disney is not in violation. It could be that the persistent identifier was collected but treated in a compliant way once passed to the third-party service provider. For example, the post back could have been stripped of personally identifiable information (PII) and used for contextual advertising or tracking an app install without sharing the IDFA with the ad network/partner. We know this is possible to do, however, if you run a software monitoring report it sometimes looks as though an IDFA is collected/shared to someone on the outside without a full understanding of process.
We have seen and supported investigations such as these, where a company has been able to prove they were not violating COPPA.
A Disney spokesman sent The Hollywood Reporter a statement late Friday in response to the suit: “Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in Court.”
They seem confident in their statement. We await the court case with interest to learn more about what is really happening in these cases in terms of tracking, child privacy and safety.