5 Privacy Trends for 2025: What to Watch For
Heraclitus said that “The only constant in life is change,” but...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: December 11, 2023
Published: April 19, 2021
While some have waved a dismissive hand at the Disney/adtech settlement approved by a California judge on April 13, others say it could have an impact on the entire adtech ecosystem.
In three separate class-action lawsuits, plaintiffs alleged Disney, Viacom, Twitter, ViacomCBS and more than 10 adtech companies tracked or allowed tracking technology to be deployed on various children's mobile gaming apps.
The settlement doesn't include any monetary relief, but it does require the companies to stop using tracking technologies to track children. That's where the critics come in: Essentially, the settlement tells the companies to stop doing the illegal things they were doing and start behaving well. That's not a real win for privacy, just a return to what should have been the status quo.
Typically, the U.S. Federal Trade Commission files complaints about alleged violations of the Children's Online Privacy Protection Act, the governing children's privacy law. But this case relied on children's Constitutional state rights to an "expectation of privacy," as well as a handful of state privacy statutes.
Besides the novel approach to the lawsuit, the difference between this settlement and others is the implication of SDKs or software development kits. In plain language, SDKs are pieces of code that allow for specific functions within apps, and they're often deployed for sites by third-party developers.
In 2020, New Mexico's attorney general filed a lawsuit claiming a Google PlayStore app and its advertisers were collecting children's personal data via their SDKs without parental consent, a COPPA violation. A judge found the suit against Google could proceed, dismissed claims against its SDK providers. The judge said the SDKs couldn't have been expected to have "actual knowledge" — important language under COPPA, for what it's worth — that it was collecting children's data. But because Google had reviewed the apps in question twice — including apps called "Fun Kid Racing," "Candy Land Racing" and "GummerBear and Friends Speed Racing" — Google did have actual knowledge it was collecting children's data. It should have protected that data accordingly.
But there's been a growing push to hold SDKs accountable as well. In October 2020, Google removed three apps targeting children from its GooglePlay store following research from the International Digital Accountability Council. The IDAC found the SDKs the apps deployed were leaking data.
And that's what makes this settlement important, according to Linette Attai, founder of consulting firm PlayWell. Yes, COPPA has always prohibited the behavioral targeting of children. But this case brought SDK providers into the mix.
"The settlement outlined some specific steps those companies need to take to learn whether the developer's product is intended for children and, if so, to operate accordingly," she said.
In the past, said Joe Jerome of Common Sense Media, SDKs have relied on COPPA's actual knowledge standard that allowed them to deny they knew they were collecting children's data; that was the developer's domain.
SDKs have been "a real thorn in the side of privacy advocates," Jerome said. "Almost every developer and app are putting out SDKs, and there are ways data is shared or leaked via SDKs that's not compliant with COPPA. The concern has always been it incentivized a lot of bad behaviors and putting heads in the sand because of this data ecosystem with data going everywhere and SDKs saying: 'I didn't know,' and then not having to comply with COPPA," he said.
Of course, it's always crucial for operators to vet their third-party vendors, said Attai. The settlements mean SDK providers should no longer shrug their shoulders and expect operators to take the fall.
"These SDK providers also now need to verify whether the products they're operating in are intended for children by taking steps such as getting affirmations about the audience from the developer, leveraging signals from third parties such as app store platforms, etc., and to configure their services accordingly," she said. That means limiting data collection and avoiding profiling or behavioral targeting.
While all of the settlements differ from each other on specifics, most require the operator or SDK to sweep its database for kid-related keywords to identify any children's data collected and delete it. The Disney settlement requires it to remove SDKs in any apps directed at kids. Comscore must identify its kids-app categories, and it's prohibited from collecting device IDs from any user of those apps.
"The keyword provisions of the settlement say it's an app that the SDKs knew or should have known was targeted or directed at kids," Jerome said.
And while many poo-pooed the settlement as a nothing-burger, "The reality is it affects a bunch of really large players," Jerome added. "It's swiping at Disney, which is not nothing, and a lot of the major SDKs that are deployed by thousands and thousands of apps."
Attai said the last time the Federal Trade Commission updated COPPA, some SDK providers stood down from children's apps, "then quickly came back in with solutions that met the requirements."
If the settlement has significant implications, it may be that we soon see a similar trend.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.