Publishers also should not assume that ad networks will make that decision for them. “As an ad network, we’re not in the business of determining whether an app is primarily directed at children or not,” Kahan added. “Our default assumption is that we’re allowed to use the person’s persistent identifier from the traffic that comes in. If the site doesn’t tell us that it’s primarily directed at children, we have no way of knowing that and … if that happens we would be innocent but the app developer would not necessarily be viewed the same way.”
Small and medium-sized publishers in particular may struggle to comply with the COPPA updates, noted Alison Pepper, senior director of public policy at the Interactive Advertising Bureau (IAB).
“It’s a little harder for long-tail publishers to find out what’s going on and make sure they won’t be held liable,” Pepper said. “The strict liability standards for publishers is something that requires a lot of due diligence and a lot of internal auditing.”
The IAB, along with several other organizations, had petitioned the FTC to extend the deadline for companies to comply with the COPPA updates, which the FTC ultimately rejected.
Despite the FTC’s efforts to educate companies about the changes, it is impossible to expect all publishers to be ready for the updates, Pepper added. “To the FTC’s credit, they’ve put out a lot of guidance over the past few months to address questions that have come up about COPPA,” she said. “But there are always going to be areas of ambiguity that will need to be resolved.”