Marketing online to kids in the age of GDPR poses new challenges

Marketing online to kids has nearly always come with restrictions. Since the commercial internet’s early days, the Children’s Online Privacy Protection Act (COPPA) has dictated how companies handle personally identifiable information (PII) collected from children under the age of 13. The rule put users’ parents in charge of consent while discouraging any collection of data at all.

But a lot has happened since 2000, when COPPA went into effect. There are exponentially more kids online, and they are interacting with all kinds of brands, not just those specifically targeted to kids. On the way, they are being exposed to ad tech aimed at adults that is chock full of PII trackers.

There are a lot more of those trackers out there, and data collection has become pervasive.

Now, as the May 2018 compliance deadline for GDPR looms, companies in general are paying more attention to data privacy.

Ad tech is collecting kids’ data at an alarming rate

Dylan Collins, CEO of “kid-safe” ad platform SuperAwesome, says the amount of data that adult ad tech is collecting is staggering.

“Ad technology is collecting a vast amount of personal data on kids while they’re spending time online,” Collins told me. “On average, adult ad tech has captured more than 72 million data points on a child before they reach the age of 13.”

Yep, you heard that right. More than 72 million bits of information. Per child.

SuperAwesome provides businesses like Warner Brothers, Mattel and the Cartoon Network a tool through which to serve ads to kids that strips off any trackers meant to capture PII, such as cookies. The company is pioneering the kidtech sector, Collins said.

Findings recently released by SuperAwesome show that the number of data points collected from kids will only continue to grow saying, “kids are exposed to 1 to 2 million trackers per year, which are collecting some 5 million data points: location, website visited, device identifier, etc., rising to 12 million per year once they are 12 years old.”

“If you think about the internet, it was originally built for adults, at a time where most of the average internet users were adults. There’s been almost a 10x increase in the past five years of kids accessing the internet. You’re starting to see this shift toward zero data technology or what we call kidtech,” Collins said.

What about GDPR?

According to the International Association of Privacy Professionals (IAPP), the EU regulation has a more general focus on children’s privacy than COPPA, meaning that companies that are currently following the law will be compliant with the kids’ privacy rules within GDPR. There is one important difference between COPPA and GDPR though, Collins told me.

“GDPR allows each country in the EU, and presumably the US, to set its own age limits,” Collins told me. Even though COPPA applies to children under the age of 13, some EU states apply the rules to children up to 16 years old. Collins said that he expects global US companies to eventually follow suit.

“In order to operate at scale, you basically have to choose the older age,” he said.

He said he expects the concern for kids’ data privacy to increase.

“Four years ago when [SuperAwesome] began, this was considered a niche topic. Now in the past 10 months, there’s a lot more attention to this. This is something that companies are really getting concerned about. We’ve seen advertisers pull back from YouTube in the last few months because they are getting increasingly concerned about brand safety issues and the nature of kids’ content,” Collins said.

Awareness may drive innovation

The exodus of some YouTube advertisers that Collins mentioned came on the heels of reports that the massive video platform’s algorithm served pornographic videos to kids searching for child-friendly topics. As a reaction, Fred Mwangaguhunga created Tube Jr. All the videos on his app are reviewed by real people, which follows a general martech trend of adding humans back into what has grown into a fully automated experience.

“Algorithms work great in most situations, but they’re inherently imperfect,” Mwangaguhunga said. “When screening content aimed at kids, you can’t afford to be imperfect. We’re starting to hear rumblings against algorithmic content generation, especially for privacy reasons. And that’s especially true for content aimed at children, which is subject to COPPA. I suspect that more and more content providers are going to start to move away from algorithms in 2018.”

Two words: Get ready

Collins said that he expects marketers to get increasingly involved in issues related to children’s data. In preparation for GDPR, he urges companies to audit their processes and those of their vendors.

“It’s very clear that kids and data privacy and kids’ digital safety is becoming a bigger topic, and if your platform can’t guarantee that level of safety, it’s very hard to understand where your risk actually ends,” he said.