Random Thoughts – Randocity!

This question is currently a hot debate among YouTubers. The answer to this question is complex and depends on many factors. This is a long read as there’s a lot to say (~10000 words = ~35-50 minutes). Grab a cup of your favorite Joe and let’s explore.

COPPA, YouTube and the FTC

I’ve written a previous article on this topic entitled Rant Time: Google doesn’t understand COPPA. You’ll want to read that article to gain a bit more insight around this topic. Today’s article is geared more towards YouTube content creators and parents looking for answers. It is also geared towards anyone with a passing interest in the goings on at YouTube.

Before I start, let me write this disclaimer by saying I’m not a lawyer. Therefore, this article is not intended in any way to be construed as legal advice. If you need legal advice, there are many lawyers available who may be able to help you with regards to being a YouTube content creator and your specific channel’s circumstances. If you ARE HERE looking for legal advice, please go speak to a lawyer instead. The information provided in this article is strictly for information purposes only and IS NOT LEGAL ADVICE.

For Kids or Not For Kids?

With that out of the way, let’s talk a little about what’s going on at YouTube for the uninitiated. YouTube has recently rolled out a new channel creator feature. This feature requires that you mark your channel “for kids” or “not for kids”. Individual videos can also be marked this way (which becomes important a little later in the article). Note, this “heading” is not the actual text on the screen in the settings area (see the image), but this is what you are doing when you change this YouTube creator setting. This setting is a binary setting. Your content is either directed at kids or it is not directed at kids. Let’s understand this reasoning around COPPA. Also, “kids” or “child” is defined in COPPA any person 12 or younger.

When you set the “for kids” setting on a YouTube channel, a number of things will happen to your channel, including comments being disabled, monetization will be severely limited or eliminated and how your content is promoted by YouTube will drastically change. There may also be other subtle changes that are as yet unclear. The reason for all of these restrictions is that COPPA prevents the collection of personal information from children 12 and under… or at least, if it is collected that it is deleted if parental consent cannot be obtained. In the 2013 update, COPPA added cookie tracking to the list of items that cannot be collected.

By disabling all of these features under ‘For Kids’, YouTube is attempting to reduce or eliminate its data collection vectors that could violate COPPA… to thwart future liabilities for Google / YouTube as a company.

On the other hand, setting your channel as ‘Not For Kids’, YouTube maintains your channel as it has always been with comments enabled, full monetization possible, etc. Seems simple, right? Wrong.

Not as Simple as it Seems

You’re a creator thinking, “Ok, then I’ll just set my channel to ‘Not for Kids’ and everything will be fine.” Not so fast there, partner. It’s not quite as simple as that. COPPA applies to your channel if even one child visits and Google collects any data from that child. But, there’s more to it.

YouTube will also be rolling out a tool that attempts to identify the primary audience of video content. If YouTube’s new tool identifies a video as content primarily targeting “kids”, that video’s “Not for Kids” setting may be overridden by YouTube and set as “For Kids”. Yes, this can be done by YouTube’s tool, thus overriding your channel-wide settings. It’s not enough to set this setting on your channel, you must make sure your content is not being watched by kids and the content is not overly kid friendly. How exactly YouTube’s scanner will work is entirely unknown as of now.

And here is where we get to the crux of this whole matter.

What is “Kid Friendly” Content?

Unfortunately, there is no clear answer to this question. Your content could be you reviewing toys, it could be drawing pictures by hand on the screen, it could be reviewing comic books, you might ride skateboards, you might play video games, you might even assemble Legos into large sculptures. These are all video topics that could go either way… and it all depends on which audience your video tends draw in.

It also depends on your existing subscriber base. If a vast majority of your current active subscribers are children 12 and under, this fact can unfairly influence your content even if your curent content is most definitely not for kids. The fact that ‘kids’ are watching your channel is a problem for ANY content that you upload.

But you say, “My viewer statistics don’t show me 12 and under category.” No, it doesn’t and there’s a good reason why it doesn’t. Google has always professed that it doesn’t allow 12 and under on its platform. But clearly, that was a lie. Google does, in fact, allow 12 and under onto its platform. That’s crystal clear for two reasons: 1) The FTC fined Google $170 million for violating COPPA (meaning, FTC found kids 12 and under are using the platform) and 2) YouTube has rolled out this “for kids / not for kids” setting confirming by Google that 12 and under do, in fact, watch YouTube and have active Google Account IDs.

I hear someone else saying, “I’m a parent and I let my 11 year old son use YouTube.” Yeah, that’s perfectly fine and legal, so long as you have given “verifiable consent” to the company that is collecting data from your 11 year old child. As long as a parent gives ‘verifiable consent’ for their child under 12 to Google or YouTube or even to the channel owner directly, it’s perfectly legal for your child to be on the platform watching and participating and for Google and YouTube to collect data from your child.

Unfortunately, verifiable consent is difficult to manage digitally. See the DIY method of parental consent below. Unfortunately, Google doesn’t offer any “verifiable consent” mechanism for itself or for YouTube content creators. This means that even if you as a parent are okay with your child being on YouTube, Facebook, Instagram or even Snapchat, if you haven’t provided explicit and verifiable parental consent to that online service for your child 12 and under, that service is in violation of COPPA by handling data that your child may input into that service. Data can include name, telephone number, email address or even sharing photos or videos of themselves. It also includes cookies placed onto their devices.

COPPA was written to penalize the “web site” or “online services” that collect a child’s information. It doesn’t penalize the family. Without “verifiable consent” from a parent or legal guardian, to the “web site” or “online service” it’s the same as no consent at all. Implicit consent isn’t valid for COPPA. It must be explicitly given and verifiable consent from a parent or legal guardian given to the service being used by the child.

The Murky Waters of Google

If only YouTube were Google’s only property to consider. It isn’t. Google has many, many properties. I’ll make a somewhat short-ish list here:

• Google Search
• Google Games
• Google Music
• Google Play Store (App)
• Google Play Games (App)
• Google Stadia
• Google Hangouts
• Google Docs
• Google’s G Suite
• Google Voice
• Google Chrome (browser)
• Google Chromebook (device)
• Google Earth (App)
• Google Movies and TV
• Google Photos
• Google’s Gmail
• Google Books
• Google Drive
• Google Home (the smart speaker device)
• Google Chromecast (TV device)
• Android OS on Phones
• … and the list goes on …

To drive all of these properties and devices, Google relies on the creation of a Google Account ID. To create an account, you must supply Google with certain specific identifying information including email address, first and last name and various other required information. Google will then grant you a login identifier and a password in the form of credentials which allows you to log into and use any of the above Google properties, including (you guessed it) YouTube.

Without “verifiable consent” supplied to Google for a child 12 and under, what data Google has collected from your child during the Google Account signup process (or any of the above apps) has violated COPPA, a ruleset tasked for enforcement by the Federal Trade Commission (FTC).

Yes, this whole situation gets even murkier.

Data Collection and Manipulation

The whole point to COPPA is to protect data collected from any child aged 12 and under. More specifically, it rules that this data cannot be collected / processed from the child unless a parent or legal guardian supplies “verifiable consent” to the “web site” or “online service” within a reasonable time of the child having supplied their data to the site.

As of 2013, data collection and manipulation isn’t defined just by what the child personally uploads and types, though this data is included. This Act was expanded to include cookies placed onto a child’s computer device to track and target that child with ads. These cookies are also considered protected data by COPPA as these cookies could be used to personally identify the child. If a service does not have “verifiable consent” on file for that child from a parent or guardian, the “online service” or “web site” is considered by the FTC in violation of COPPA.

The difficulty with Google’s situation is that Google actually stores a child’s data within the child’s Google Account ID. This account ID being entirely separate from YouTube. For example, if you buy your child a Samsung Note 10 Phone running Android and you as a parent create a Google Account for your 12 or under child to use that device, you have just helped Google violate COPPA. This is part of the reason the FTC fined Google $170 million for violations to COPPA. Perhaps not this specific scenario, but the fact that Google doesn’t offer a “verifiable consent” system to verify a child’s access to its services and devices prior to collecting data or granting access to services led the FTC to its ruling. The FTC’s focus, however, is currently YouTube… even though Google is violating COPPA everywhere all over its properties as a result of the use of a Google Account ID.

YouTube’s and COPPA Fallout

Google wholly owns YouTube. Google purchased the YouTube property in 2006. In 2009, Google retired YouTube’s original login credential system and began requiring YouTube to use Google Accounts to gain access to the YouTube property by viewers. This change is important.

It also seems that YouTube is still operating itself mostly as a self-autonomous entity within Google’s larger corporate structure. What all of this means more specifically is that YouTube now uses Google Accounts, a separately controlled and operated system within Google, to manage credentials and gain access into not only the YouTube property, but every other property that Google has (see the short-ish list above).

In 2009, the YouTube developers deprecated their own home grown credentials system and began using the Google Accounts system of credential storage. This change to YouTube very likely means that YouTube itself no longer stores or controls any credential or identifying data. That data is now contained within the Google Accounts system. YouTube likely now only manages the videos that get uploaded, comments, supplying ads on videos (which the tracking and manage is probably controlled by Google also), content ID matching and anything else that appears in the YouTube UI interface. Everything else is likely out of the YouTube team’s control (or even access). In fact, I’d suspect that the YouTube team likely has entirely zero access to the data and information stored within the Google Accounts system (with the exception of that specific data which is authorized by the account holder to be publicly shown).

Why is this Google Accounts information important?

So long as Google Accounts remains a separate entity from YouTube (even though YouTube is owned by the same company), this means that YouTube can’t be in violation of COPPA (at least not where storage of credentials are concerned). There is one exception which YouTube does control… its comment system.

The comment system on YouTube is one of the earliest “modern” social networks ever created. Only Facebook and MySpace were slightly earlier, though all three were generally created within 1 year of one another. It is also the only free form place left in the present 2019 YouTube interface that allows a 12 or under child to incidentally type some form of personally identifying information into a public forum for YouTube to store (in violation of COPPA).

This is the reason that the “for kids” setting disables comments. YouTube formerly had a private messaging service, but it was retired as of September of 2019. It is no longer possible to use YouTube to have private conversations between other YouTube users. If you want to converse with another YouTube viewer, you must do it in a public comment. This change was likely also fallout from Google’s COPPA woes.

Google and Cookies

For the same reason as Google Accounts, YouTube likely doesn’t even manage its own site cookies. It might, but it likely relies on a centralized internal Google service to create, manage and handle cookies. The reason for this is obvious. Were YouTube’s developers to create and manage their own separate cookie, it would be a cookie that holds no use for other Google services. However, if YouTube developers were to rely on a centralized Google controlled service to manage their site’s cookies, it would allow the cookie to be created in a standardized way that all Google services can consume and use. For this reason, this author supposes a centralized system is used at YouTube rather than something “homegrown” and specific to YouTube.

While it is possible that YouTube might create its own cookies, it’s doubtful that YouTube does this for one important reason: ad monetization. For YouTube to participate in Google Advertising (yet another service under the Google umbrella of services), YouTube would need to use tracking cookies that the Google Advertising service can read, parse and update while someone is watching a video on YouTube.

This situation remains murky because YouTube can manage its own internal cookies. I’m supposing that YouTube doesn’t because of a larger corporate platform strategy. But, it is still entirely possible that YouTube does manage its own browser cookies. Only a YouTube employee would know for certain which way this one goes.

Because of the ambiguity in how cookies are managed within Google and YouTube, this is another area where YouTube has erred on the side of caution by disabling ads and ad tracking if a channel is marked as ‘for kids’. This prevents placing ad tracking cookies on any computers from ‘for kids’ marked channels and videos, again avoiding violations of COPPA.

The FTC’s position

Unfortunately, the FTC has put themselves into a constitutionally precarious position. The United States Constitution has a very important provision within its First Amendment.

Let me cite a quote from the US Constitution’s First Amendment (highlighting and italics added by author to call out importance):

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

The constitutional difficulty that the FTC has placed themselves in is that YouTube, by its very nature, offers a journalistic platform which is constitutionally protected from tortious interference by the United States government. The government (or more specifically, Congress) cannot make law that in any way abridges freedom of speech or of the press.

A video on YouTube is not only a form of journalism, it is a form of free speech. As long as YouTube and Google remain operating within the borders of the United States, United States residents must be able to use this platform unfettered without government tortious interference.

How does this imply to the FTC? It applies because the FTC is a governmental entity created by an act of the US Congress and, therefore, acts on behalf of the US Congress. This means that the FTC must uphold all provisions of the United States Constitution when dealing with matters of Freedom of Speech and Freedom of the Press.

How is does this problem manifest for the FTC? The FTC has repeatedly stated that it will use “tools” to determine if a YouTube channel’s content is intended for and is primarily intended to target children 12 and under. Here’s the critical part. If a channel’s content is determined to be targeting children 12 and under, the channel owner may be fined up to $43,530 per video as it will have been deemed in violation of COPPA.

There are two problems with the above statements the FTC has made. Let’s examine text from this FTC provided page about YouTube (italics provided by the FTC):

So how does COPPA apply to channel owners who upload their content to YouTube or another third-party platform? COPPA applies in the same way it would if the channel owner had its own website or app. If a channel owner uploads content to a platform like YouTube, the channel might meet the definition of a “website or online service” covered by COPPA, depending on the nature of the content and the information collected. If the content is directed to children and if the channel owner, or someone on its behalf (for example, an ad network), collects personal information from viewers of that content (for example, through a persistent identifier that tracks a user to serve interest-based ads), the channel is covered by COPPA. Once COPPA applies, the operator must provide notice, obtain verifiable parental consent, and meet COPPA’s other requirements.

and there’s more, which contains the most critical part of the FTC’s article:

Under COPPA, there is no one-size-fits-all answer about what makes a site directed to children, but we can offer some guidance. To be clear, your content isn’t considered “directed to children” just because some children may see it. However, if your intended audience is kids under 13, you’re covered by COPPA and have to honor the Rule’s requirements.

The Rule sets out additional factors the FTC will consider in determining whether your content is child-directed:

• the subject matter,
• visual content,
• the use of animated characters or child-oriented activities and incentives,
• the kind of music or other audio content,
• the age of models,
• the presence of child celebrities or celebrities who appeal to children,
• language or other characteristics of the site,
• whether advertising that promotes or appears on the site is directed to children, and
• competent and reliable empirical evidence about the age of the audience.

Content, Content and more Content

The above quotes discuss YouTube Content becoming “covered by COPPA”. This is a ruse. Content is protected speech by the United States Constitution and is defined within the First Amendment (see above). Nothing in any YouTube visual content when published by a United State Citizen can be “covered by COPPA”. The First Amendment sees to that.

Let’s understand why. First, COPPA is a data collections Act. It has nothing whatever to do with content ratings, content age appropriateness or, indeed, does not discuss anything else related visual content targeted towards children of ANY age. Indeed, there is no verbiage within the COPPA provisions that discuss YouTube, visual content, audio content or anything else to do with Freedom of Speech matters.

It gets worse… at least for the FTC. Targeting channels for disruption by fining them strictly over content uploaded onto the channel is less about protecting children’s data and more about content censorship on YouTube. Indeed, fining a channel $42,530 is tantamount to censorship as it is likely to see that content removed from YouTube… which is, indeed, censorship in its most basic form. Any censorship of Freedom of Speech is firmly against First Amendment rights.

Since the FTC is using fines based on COPPA as leverage against content creators, the implication is that the FTC will use this legal leverage to have YouTube take down content it feels is inappropriate targeting 12 and under children, rather than upholding COPPA’s actual data protection provisions. Indeed, the FTC will actually be making new law by fining channels based on content, not on whether data was actually collected in violation of COPPA’s data collection provisions. Though, the first paragraph may claim “data collection” as a metric, the second paragraph is solely about “offending content”… which is entirely about censorship. Why is that? Let’s continue.

COPPA vs “Freedom of Speech”

The FTC has effectively hung themselves out to dry. In fact, if the FTC does fine even ONE YouTube channel for “inappropriate content”, the FTC will be firmly in the business of censorship of journalism. Or, more specifically, the FTC will have violated the First Amendment rights of U.S. Citizens’ freedom of speech protections.

This means that in order for the FTC to enforce COPPA against YouTube creators, it has now firmly put itself into the precarious position of violating the U.S. Constitution’s First Amendment. In fact, the FTC cannot even fine even one channel owner without violating the First Amendment.

In truth, they can fine under only the following circumstance:

1. The FTC proves that the YouTube channel actually collected and currently possesses inappropriate data from a child 12 and under.
2. The FTC leaves the channel entirely untouched. The channel and content must remain online and active.

Number 2 is actually quite a bit more difficult for the FTC than it sounds. Because YouTube and the FTC have made an agreement, that means that YouTube can be seen as an agent of the FTC by doing the FTC’s bidding. This means that even if YouTube takes down the channel after a fine for TOS reasons, the FTC’s fining action can still be construed as in violation of First Amendment rights because YouTube acted as an agent to take down the “offending content”.

It gets even more precarious for the FTC. Even the simple the act of levying a fine against a YouTube channel could be seen as a violation of First Amendment rights. This action by the FTC seems less about protecting children’s data and more about going after YouTube content creators “targeting children with certain types of content” (see above). Because the latter quote from the FTC article explicitly calls out types of content as “directed at children”, this intentionally shows that it’s not about COPPA, but about visual content rules. Visual content rules DO NOT exist in COPPA.

Channel Owners and Content

If you are a YouTube channel owner, all of the above should greatly concern you for the following reasons:

1. You don’t want to become a Guinea Pig to test First Amendment legal waters of the FTC + COPPA
2. The FTC’s content rules above effectively state, “We’ll know it when we see it.” This is constitutionally BAD. This heavily implies content censorship intent. This means that the FTC can simply call out any content as being inappropriate and then fine a channel owner for uploading that content.
3. It doesn’t specify state if the rule applies retroactively. Does previously uploaded content become subject to the FTC’s whim?
4. The agreement takes effect beginning January 1, 2020
5. YouTube can “accidentally” reclassify content as “for kids” when it clearly isn’t… which can trigger an FTC action.
6. The FTC will apparently have direct access to the YouTube platform scanning tools. To what degree it has access is unknown. If it has direct access to take videos or channels offline, it has direct access to violate the First Amendment. Even if it must ask YouTube to do this takedown work, the FTC will still have violated the First Amendment.

The Fallacy

The difficulty I have with this entire situation is that the FTC now appears to be holding content creators to blame for heavy deficiencies within YouTube’s and Google’s platforms. Because Google failed to properly police its own platform for 12 and under users, it now seeks to pass that blame down onto YouTube creators simply because they create and upload video content. Content, I might add, that is completely protected under the United State Constitution’s First Amendment as “Freedom of Speech”. Pre-shot video content is a one-way passive form of communication.

Just like broadcast and cable TV, YouTube is a video sharing platform. It is designed to allow creators to impart one-way passive communication using pre-made videos, just like broadcast TV. If these FTC actions apply to YouTube, then they equally apply to broadcast and cable television providers…. particularly now that CBS, ABC, NBC, Netflix, Disney+ (especially Disney+), Hulu, Vudu, Amazon, Apple and cable TV providers now also offer “web sites” and “online services” where their respective video content can (and will) be viewed by children 12 and under via a computer device or web browser and where a child may is able to input COPPA protected data. For example, is Disney+ requiring verifiable parental consent to comply with COPPA?

Live Streaming

However, YouTube now also offers live streaming which changes the game a little for COPPA. Live streaming offers two-way live communication and in somewhat real-time. Live streaming is a situation where a channel creator might be able to collect inappropriate data from a child simply by asking pointed questions during a live stream event. A child might even feel compelled to write into live chat information that they shouldn’t be giving out. Live streaming may be more likely to collect COPPA protected data than pre-made video content simply because of the live interactivity between the host and the viewers. You don’t get that level of interaction when using pre-made video content.

Live streaming or not, there is absolutely no way a content creator can in any way be construed as an “Operator” of Google or of YouTube. The FTC is simply playing a game of “Guilty by Association”. They are using this flawed logic… “You own a YouTube channel, therefore you are automatically responsible for YouTube’s infractions.” It’s simply Google’s way of passing down its own legal burdens by your channel’s association with YouTube. Worse, the FTC seems to have bought into this Google shenanigan. It’s great for Google, though. They won’t be held liable for any more infractions against COPPA so long as YouTube creators end up shouldering that legal burden for Google.

The FTC seems to have conveniently forgotten this next part. In order to have collected data from a child, you must still possess a copy of that data to prove that you actually did collect it and that you are STILL in violation of COPPA. If you don’t have a copy of the alleged violating data, then you either didn’t collect it, the child didn’t provide it, you never had it to begin with or you have since deleted it. As for cookie violations, it’s entirely a stretch to say that YouTube creators had anything to do with how Google / YouTube manages cookies. The COPPA verbiage states of deletion under Parental Consent:

§312.4(c)(1). If the operator has not obtained parental consent after a reasonable time from the date of the information collection, the operator must delete such information from its records;

If an “operator” deletes such records, then the “operator” is not in violation of COPPA. If an “operator” obtains parental consent, then the “operator” is also not in violation of COPPA. Nothing, though, states definitively that a YouTube creator assumes the role of “operator”.

This is important because Google is and remains the “operator”. Until or unless Google extends access to its Google Accounts collected data to ALL YouTube creators so that a creator can take possession of said data, a creator cannot be considered an “operator”. The YouTube creator doesn’t have (and never has had) access to the Google Account personal data (other than what is publicly published on Google). Only Google has access to this account data which has been collected as part of creating a new Google Account. Even the YouTube property and its employees likely don’t even have access to Google Account personal data as mentioned. This means that, by extension, a YouTube creator doesn’t have a copy of any personal data that a Google Accounts signup may have collected… and therefore the YouTube content creator is NOT in violation of COPPA, though that doesn’t take Google off of the hook for it.

A YouTube content creator must actually POSSESS the data to be in violation. The FTC’s burden of proof is to show that the YouTube content creator actually has possession of that data. Who possesses that data? Google. Who doesn’t possess that data? The YouTube content creator. Though, there may be some limited edge cases where a YouTube creator might have requested personal information from a child in violation of COPPA. Even if a YouTube creator did request such data, so long as it has since been deleted fully, it is not in violation of COPPA. You must still be in possession of said data to be in violation of COPPA, at least according to how the act seems to read. If you have questions about this section, you should contact a lawyer for definitive confirmation and advice. Remember, I’m not a lawyer.

There is only ONE situation where a YouTube content creator may be in direct violation of COPPA. That is for live streaming. If a live streamer prompts for personal data to be written into the live chat area from its viewers and one of those viewers is 12 or under, the creator will have access to COPPA violating personal data. Additionally, comments on videos might be construed as in violation of COPPA if a 12 and under child writes something personally identifying into a comment. Though, I don’t know of many content creators who would intentionally request their viewers to reveal personally information in a comment on YouTube. Most people (including content creators) know the dangers all too well of posting such personally identifying information in a YouTube comment. A child might not, though. I can’t recall having watched one single YouTube channel where the host requests personally identifying information be placed into a YouTube comment. Ignoring COPPA for a second, such a request would be completely irresponsible. Let’s continue…

COPPA does state this about collecting data under its ‘Definitions’ section:

Collects or collection means the gathering of any personal information from a child by any means, including but not limited to:

(1) Requesting, prompting, or encouraging a child to submit personal information online;

(2) Enabling a child to make personal information publicly available in identifiable form. An operator shall not be considered to have collected personal information under this paragraph if it takes reasonable measures to delete all or virtually all personal information from a child’s postings before they are made public and also to delete such information from its records; or

(3) Passive tracking of a child online.

The “Enabling a child” section above is the reason for the removal of comments when the “for kids” setting is defined. Having comments enabled on a video when a child 12 and under could be watching enables the child to be able to write in personal information if they so choose. Simply by having a comment system available to someone 12 and under appears to be an infraction of COPPA. YouTube creators DO have access to enable or disable comments. What YouTube Creators don’t have access to is the age of the viewer. Google hides that information from YouTube content creators. YouTube content creators, in good faith, do not know the ages of anyone watching their channel.

Tracking a child’s activities is not possible by a YouTube content creator. A content creator has no direct or even incidental access to Google’s systems which perform any tracking activities. Only Google Does. Therefore, number 3 does not apply to YouTube content creators. The only way number 3 would ever apply to a creator is if Google / YouTube offered direct access to its cookie tracking systems to its YouTube content creators. Therefore, only numbers 1 and 2 could potentially apply to YouTube content creators.

In fact, because Google Accounts hides its personal data from YouTube content creators (including the ages of its viewers), content creators don’t know anything personal about any of its viewers. Which means, how are YouTube content creators supposed to know if a child 12 and under is even watching?

Google’s Failures

The reality is, Google has failed to control its data collection under Google Accounts. It is Google Accounts that needs to have COPPA applied to it, not YouTube. In fact, this action by the FTC will actually solve NOTHING at Google.

Google’s entire system is tainted. Because of the number of services that Google owns and controls, placing COPPA controls on only ONE of these services (YouTube) is the absolute bare minimum for an FTC action against COPPA. It’s clear that the FTC simply doesn’t understand the breadth and scope of Google’s COPPA failures within its systems. Placing these controls on YouTube will do NOTHING to fix COPPA’s greater violations which continue unabated within the rest of Google’s Services, including its brand new video gaming streaming service, Google Stadia. Google Stadia is likely to draw in just as many children 12 and under as YouTube. Probably more. If Stadia has even one sharing or voice chat service active or uses cookies to track its users, Stadia is in violation for the same exact reasons YouTube is… Google’s failure of compliance within Google Accounts.

Worse, there’s Android. Many parents are now handing brand new Android phones to their children 12 and under. Android has MANY tracking features enabled on its phones. From the GPS on board, to cookies, to apps, to the cell towers, to the OS itself. Talk about COPPA violations.

What about Google Home? You know, that seemingly innocuous smart speaker? Yeah, that thing is going to track not only each individual’s voice, it may even store recordings of those voices. It probably even tracks what things you request and then, based on your Google Account, will target ads on your Android phone or on Google Chrome based on things you’ve asked Google Home to provide. What’s more personally identifying than your own voice being recorded and stored after asking something personal?

Yeah, YouTube is merely the tippiest tip of a much, much, MUCH larger corporate iceberg that is continually in violation of COPPA within Google. The FTC just doesn’t get that its $170 million fine and First Amendment violating censorship efforts on YouTube isn’t the right course of action. Not only does the FTC’s involvement in censorship on YouTube lead to First Amendment violations, it won’t solve the rest of the COPPA violations at Google.

Here’s where the main body of this article ends.

Because there are still more questions, thoughts and ideas around this issue, let’s explore a some deeper ideas which might answer a few more of your questions as a creator or as a parent. Each question is prefaced by a ➡️ symbol. At this point, you may want to skim the rest of this article for specific thoughts which may be relevant to you.

---

➡️ “Should I Continue with my YouTube Channel?”

This is a great question and one that I can’t answer for you. Since I don’t know your channel or your channel’s content, there’s no way for me to give advice to you. Even if you do tell me your channel and its content, the FTC explicitly states that it will be at the FTC’s own discretion if a channel’s content “is covered by COPPA”. This means you need to review your own channel content to determine if your video content drives kids 12 and under to watch. Even then, it’s a crap shoot.

Are there ways you can begin to protect your channel? Yes. The first way is to post a video requesting that all subscribers who are 12 and under either unsubscribe from the channel or alternatively ask their parents to provide verifiable consent to you to allow that child to continue watching. This consent must come from a parent or guardian, not the child. Obtaining verifiable consent is not as easy as it sounds. Though, after you have received verifiable parental consent from every “child” subscriber on your channel, you can easily produce this consent documentation to the FTC if they claim your channel is in violation.

The next option is to apply for TRUSTe’s Children’s Privacy Certification. This affords your YouTube channel “Safe Harbor” protections against the FTC. This one is likely most helpful for large YouTube channels which tend to target children and which make significant income through ad monetization. TRUSTe’s certification is not likely to come cheap. This is the reason this avenue would only be helpful for the largest channels receiving significant monetization enough to pay for such a service.

Note, if you go through the “Safe Harbor” process or obtain consent for every subscriber, you won’t need to set your channel as ‘for kids’. Also note that “Safe Harbor” may not be possible due to Google owning all of the equipment that operates YouTube. Certification programs usually require you to have direct access to systems to ensure they continue to comply with the terms of the certification. Certifications usually also require direct auditing of systems to ensure the systems comply with the certification requirements. It’s very doubtful that Google will allow an auditing firm to audit YouTube’s servers on behalf of a content creator for certification compliance… and even if they did allow such an audit, YouTube’s servers would likely fail the certification audit.

The final option is to suspend your channel. Simply hide all of your content and walk away from YouTube. If you decide to use another video service like DailyMotion, Vimeo, or Twitch, the FTC may show up there as well. If they can make the biggest video sharing service in the world bow down to the FTC, then the rest of these video sharing services are likely not far behind.

➡️ “I don’t monetize my channel”

This won’t protect you. It’s not about monetization. It’s about data collection. The FTC is holding channel owners responsible for Google irresponsible data collection practices. Because Google can’t seem to police its own data collection to shield its end users from COPPA, Google/YouTube has decided to skip trying to fix their broken system and, instead, YouTube has chosen pass their violations down onto their end users… the YouTube creators.

This “passing off liability” action is fairly unheard of in most businesses. Most businesses attempt to shield their end users from legal liabilities by the use of its services as much as possible. Not Google or YouTube. They’re more than willing to hang their end users out to dry and let their end users take the burden of Google’s continued COPPA violations.

➡️ “My content isn’t for kids”

That doesn’t matter. What matters is whether the FTC thinks it is. If your content is animated, video game related, toy related, art related, craft related or in any way might draw in children as viewers, that’s all that matters. Even one child 12 and under is enough to shift Google’s COPPA data collection liabilities down onto your shoulders.

➡️ “I’ve set my channel as ‘not for kids'”

This won’t protect you. Google has a tool in the works that will scan the visual content of a video and potentially reclassify a video as “for kids” in defiance of the channel-wide setting of “not for kids”. Don’t expect that the channel-wide setting will hold up for every single video you post. YouTube can reclassify videos as it sees fit. Whether there will be a way to appeal this is as yet unknown. To get rid of that reclassification of a video, you may have to delete the video and reupload. Though, if you do this and the content remains the same, it will likely be scanned and marked “for kids” again by YouTube’s scanner. Be cautious.

➡️ “I’ll set my channel ‘for kids'”

Do this only if you’re willing to live with the restrictions AND only if your content really is for kids (or is content that could easily be construed as for kids). While this channel setting may seem to protect your channel from COPPA violations, it actually doesn’t. On the other hand, if your content truly isn’t for children and you set it ‘for kids’ that may open your channel up to other problems. I wouldn’t recommend setting content as ‘for kids’ if the content you post is not for kids. Though, there’s more to this issue… keep reading.

Marking your content “for kids” won’t actually protect you from COPPA. In fact, it makes your channel even more liable to COPPA violations. If you mark your content as “for kids”, you are then firmly under the obligation of providing proof that your channel absolutely DID NOT collect data from children under the age of 13. Since the FTC is making creators liable for Google’s problematic data collection practices, you could be held liable for Google’s broken data collection system simply by marking your content as ‘for kids’.

This setting is very perilous. I definitely don’t recommend ANY channel use this setting… not even if your channel is targeted at kids. By setting ‘for kids’ on any channel or content, your channel WILL become liable under COPPA’s data collection provisions. Worse, you will be held liable for Google’s data collections practices… meaning the FTC can come after you with fines. This is where you will have to fight to prove that you presently don’t have access to any child’s collected data, that you never did and that it was solely Google who stored and maintained that data. If you don’t possess any of this alleged data, it may be difficult for the FTC to uphold fines against channel owners. But, unfortunately, it may cost you significant attorney fees to prove that your channel is in the clear.

Finally, it’s entirely possible that YouTube may change this ‘for kids’ setting so that it becomes a one-way transition. This means that you may be unable to undo this change in the future. If it becomes one way, then a channel that is marked ‘for kids’ may never be able to go back to ‘not for kids’. You may have to create an entirely new channel and start over. If you have a large channel following, that could be a big problem. Don’t set your channel ‘for kids’ thinking you are protecting your channel. Do it because you’re okay with the outcome and because your content really is targeted for kids. But, keep in mind that setting ‘for kids’ will immediately allow the FTC to target your channel for COPPA violations.

➡️ “I’m a parent and I wish to give verifiable parental consent”

That’s great. Unfortunately, doing so is complicated. Because it’s easy for a child to fabricate such information using friends or parents of friends, giving verifiable consent to a provider is more difficult for parents than it sounds. It requires first verifying your identity as a parent, then it requires the provider to collect consent documentation from you.

It seems that Google / YouTube have chosen not yet set up a mechanism to collect verifiable consent themselves, let alone for YouTube content creators. What that means is that there’s no easy way for you as a parent to give (or a channel to get) verifiable consent easily. On the flip side as a content creator, it is left to you to handle contacting parents and collecting verifiable consent for child subscribers. You can use a service that will cost you money or you can do it yourself. As a parent, you can do your part by contacting a channel owner and giving them explicit verifiable consent. Keep reading to understand how to go about giving consent.

Content Creators and Parental Consent

Signing up for a service that provides a verifiable consent is something that larger YouTube channels may be able to afford, But, for a small YouTube channel, collecting such information from every new subscriber will be difficult. Google / YouTube could set up such an internal verification service for its creators, but YouTube doesn’t care about that or complying with COPPA. If Google cared about complying with COPPA, they would already have a properly working age verification system in Google Accounts that forces children to set their real age and which requires verifiable consent from the parent of a child 12 and under. If a child 12 and under is identified, Google can then block access to all services that might allow the child to violate COPPA until such consent is given.

It gets even more complicated. Because YouTube no longer maintains a private messaging service, there’s no way for a channel owner to contact subscribers directly on the YouTube platform other than posting a one-way communication video to your channel showing an email address or other means to contact you. This is why it’s important for each parent to reach out to each YouTube channel owner where the child subscribes and offer verifiable consent to the channel owner.

As a creator, this means you will need to post a video stating that ALL subscribers who are under the age of 13 must have have parental consent to watch your channel. This child will need to request their parent contact you using a COPPA authorized mechanism to provide consent. This will allow you to begin the collection of verifiable consent from parents of any children watching or subscribed to your content. Additionally, with every video you post, you must also have an intro on every video stating that all new subscribers 12 and under must have their parent contact the channel owner to provide consent. This shows to the FTC that your channel is serious about collecting verifiable parental consent.

So what is involved in Do It Yourself consent? Not gonna lie. It’s going to be very time consuming. However, the easiest way to obtain verifiable consent is setting up and using a two-way video conferencing service like Google Hangouts, Discord or Skype. You can do this yourself, but it’s better if you hire a third party to do it. It’s also better to use a service like Hangouts which shows all party faces together on the screen at once. This way, when you record the call for your records, both yours and the parent+child’s faces are readily shown. This shows you didn’t fabricate the exchange.

To be valid consent, both the parent and the child must be present and visible in the video while conferencing with the channel owner. The channel owner should also be present in the call and visible on camera if possible. Before beginning, the channel owner must notify the parent that the call will be recorded by the channel owner for the sole purposes of obtaining and storing verifiable consent. You may want to ensure the parent understands that the call will only and ever be used for this purpose (and hold to that). It is off limits to post these videos as a montage on YouTube as content. Then, you may record the conference call and keep it in the channel owners records. As a parent, you need to be willing to offer a video recorded statement to the channel owner stating something similar to the following:

“I, [parent or guardian full name], am 18 years of age or older and give permission to [your channel name] for my child / my ward [child’s YouTube public profile name] to continue watching [your channel name]. I additionally give permission to [your channel name] to collect any necessary data from my child / my ward while watching your channel named [your channel name].”

If possible, the parent should hold up the computer, tablet, phone or device that the child will use to the camera so that it clearly shows the child account’s profile name is logged into YouTube on your channel. This will verify that it is, indeed, the parent or legal guardian of that child’s profile. You may want to additionally request the parent hold up a valid form of picture ID (driver’s license or passport) obscuring any addresses or identifiers with paper or similar to verify the picture and name against the person performing consent. You don’t need to know where they live, you just need to verify the name and photo on the ID matched the person you are speaking to.

Record this video statement for your records and store this video recording in a safe place in case you need to recall this video for the FTC. There should be no posting of these videos to YouTube or any other place. These are solely to be filed for consent purposes. Be sure to also notice if the person with the child is old enough to be an adult, that the ID seems legit and the person is not that child’s sibling or someone falsifying this verification process. If this is a legal guardian situation, this is more difficult to validate legal guardianship. Just do your best and hope that the guardian is being truthful. If in doubt, thank the people on the call for their time and then block the subscriber from your channel.

If your channel is owned by a corporation, the statement should include the name of the business as well as the channel. Such a statement over a video offers verifiable parental consent for data collection from that child by that corporation and/or the channel. This means that the child may participate in comment systems related to your videos (and any other data collection as necessary). Yes, this is a lot of work if you have a lot of under 13 subscribers, but it is the work that the U.S. Government requires to remain compliant with COPPA. The more difficult part is knowing which subscribers are 12 and under. Google and YouTube don’t provide any place to determine this. Instead, you will need to ask your child subscribers to submit parental consent.

If the DIY effort is too much work, then the alternative is to post a video requesting 12 and under subscribers contact you via email stating their YouTube public subscriber identifier. Offer up an email address for this purpose. It doesn’t have to be your primary address. It can be a ‘throw away’ address solely for this purpose. For any account that emails you their account information, block it. This is the simplest way to avoid 12 and under children who may already be in your subscriber pool. Additionally, be sure to state in every future video that any 12 and under watching this channel must have their parental consent or risk being blocked.

Note, you may be thinking that requesting any information from a child 12 and under is in violation of COPPA, but it isn’t. COPPA allows for a reasonable period of time to collect personal data while in the process of obtaining parental consent before that data needs to be irrevocably deleted. After you block 12 and under subscribers, be sure to delete all correspondence via that email address. Make sure that the email correspondence isn’t sitting in a trashcan. Also make sure that not only are the emails are fully deleted, but any collected contact information is fully purged from that email system. You want to make sure that not only are all emails deleted, but any collected email addresses are also purged. Many email services automatically collect and store email addresses into an automatic address list. Make sure that these automatic lists are also purged. As long as all contact data has been irrevocably deleted, you aren’t violating COPPA.

COPPA recognizes the need to collect personal information to obtain parental consent:

(c) Exceptions to prior parental consent. Verifiable parental consent is required prior to any collection, use, or disclosure of personal information from a child except as set forth in this paragraph:

(1) Where the sole purpose of collecting the name or online contact information of the parent or child is to provide notice and obtain parental consent under §312.4(c)(1). If the operator has not obtained parental consent after a reasonable time from the date of the information collection, the operator must delete such information from its records;

This means you CAN collect a child’s or parent’s name or contact information in an effort to obtain parental consent and that data may be retained for a period of “reasonable time” to gain that consent. If consent is not obtained in that time, then the channel owner must “delete such information from its records”.

➡️ “How can I protect myself?”

As long as your channel remains on YouTube with published content, your channel is at risk. As mentioned above, there are several steps you can take to reduce your risks. I’ll list them here:

1. Apply for Safe Harbor with TrustArc’s TRUSTe certification. It will cost you money, but once certified, your channel will be safe from the FTC so long as you remain certified under the Safe Harbor provisions.
2. Remove your channel from YouTube. So long as no content remains online, the FTC can’t review your content and potentially mark it as “covered by COPPA.”
3. Wait and see. This is the most risky option. The FTC makes some claims that it intends proving you had access to, stored and maintained protected data from children. However, there are just as many statements that indicate they will take action first, then request proof later. Collecting data will be difficult burden of proof for most channels. It also means a court battle.
4. Use DYI or locate a service to obtain verifiable parental consent for every subscriber 12 and under.

➡️ “What went wrong?”

A whole lot failed on Google and YouTube’s side. Let’s get started with bulleted points of Google’s failures.

• Google has failed to identify children 12 and under to YouTube content creators.
• Google has failed to offer mechanisms to creators to prevent children 12 and under from viewing content on YouTube.
• Google has failed to prevent children 12 and under from creating a Google Account.
• Google has failed to offer a system to allow parents to give consent for children 12 and under to Google. If Google had collected parental consent for 12 and under, that consent should automatically apply to content creators… at least for data input using Google’s platforms.
• Google has failed to warn parents that they will need to provide verifiable consent for children 12 and under using Google’s platform(s). Even the FTC has failed to warn parents of this fact.
• YouTube has failed to provide an unsubscribe tool to creators to easily remove any subscribers from a channel. See question below.
• YouTube has failed to provide a blocking mechanism that prevents a Google Account from searching, finding or watching a YouTube channel.
• YouTube has failed to identify accounts that may be operated by a child 12 and under and warn content creators of this fact thus allow the creator to block any such accounts.
• YouTube has failed to offer a tool to allow creators to block specific (or all) content from viewers 12 and under.
• YouTube has failed to institute a full ratings system, such as the TV Parental Guidelines that sets a rating on the video and provides a video rating identifier within the first 2 minutes, thus stating that a video may contain content inappropriate for certain age groups. Such a full ratings system would allow parents to block specific ratings of content from their child using parental controls. This would allow parents to prevent not only children 12 and under from viewing more mature rated YouTube content, it lets parents block content for all age groups handled by the TV Parental Guidelines.

➡️ “I’m a creator. Can I unsubscribe a subscriber from my channel?”

No, you cannot. But, you can “Block” the user and/or you can “Hide user from channel” depending on where you are in the YouTube interface. Neither of these functions are available as features directly under the Subscriber area of YouTube Creator. Both of these features require digging into separate public Google areas. These mechanisms don’t prevent a Google Account from searching your channel and watching your public content, however.

To block a subscriber, enter the Subscribers area of your channel using Creator Studio Classic to view a list of your subscribers. A full list of subscribers is NOT available under the newest YouTube Studio. You can also see your subscribers (while logged into your account) by navigating to https://www.youtube.com/subscribers. From here, click on the username of the subscriber. This will take you to that subscriber’s YouTube page. From this user page, locate a small grey flag in the upper portion of the screen. I won’t snapshot the flag or give its exact location because YouTube is continually moving this stuff around and changing the flag image shape. Simply look for a small flag icon and click on it, which will drop down a menu. This menu will allow you to block this user.

Blocking a user prevents all interactions between that user and your channel(s). They will no longer be able to post comments on your videos, but they will still be able to view your public content and they will remain subscribed if they already are.

The second method is to use “Hide user from channel”. You do this by finding a comment on the video from that user and selecting “Hide user from channel” using the 3 vertical  dot drop down menu to the right of the comment. You must be logged into your channel and viewing one of your video pages for this to work.

Hiding a user and blocking a user are effectively the same thing, according to YouTube. The difference is only in the method of performing the block. Again, none of the above allows you to unsubscribe users manually from your channel. Blocking or hiding a user still allows the user to remain subscribed to your channel as stated above. It also allows them to continue watching any public content that you post. However, a blocked or hidden user will no longer receive notifications about your channel.

This “remaining subscribed” distinction is important because the FTC appears to be using audience viewer demographics as part of its method to determine if a channel is directing its content towards children 12 and under. It may even use subscriber demographics. Even if you do manage to block an account of a child 12 and under who has subscribed to your channel, that child remains a subscriber and can continue to search for your channel and watch any content you post. That child’s subscription to your channel may, in fact, continue to impact your channel’s demographics, thus leading to possible action by the FTC. By blocking 12 and under children, you may be able to use this fact to your advantage by proving that you are taking action to prevent 12 and under users from posting inappropriate data to your channel.

➡️ “What about using Twitch or Mixer?”

Any video sharing or live streaming platforms outside of and not owned by Google aren’t subject to Google’s / YouTube’s FTC agreement.

Twitch

Twitch isn’t owned or operated by Google. They aren’t nearly as big as YouTube, either. Monetization on Twitch may be less than can be had on YouTube (at least before this COPPA change).

Additionally, Twitch’s terms of service are fairly explicit regarding age requirements, which should prevent COPPA issues. Twitch’s terms state as follows of minors using Twitch:

2. Use of Twitch by Minors and Blocked Persons

The Twitch Services are not available to persons under the age of 13. If you are between the ages of 13 and 18 (or between 13 and the age of legal majority in your jurisdiction of residence), you may only use the Twitch Services under the supervision of a parent or legal guardian who agrees to be bound by these Terms of Service.

This statement is more than Google provided for its creators. This statement by Twitch explicitly means Twitch intends to protect its creators from COPPA and any other legal requirements associated with minors or “children” using the Twitch service. For creators, this piece of mind is important.

Unfortunately, Google has no such creator piece of mind. In fact, the whole way YouTube has handled COPPA is sloppy at best. If you are a creator on YouTube, you should seriously consider this a huge breech of trust between Google and you, the creator.

Mixer

Mixer is presently owned by Microsoft. I’d recommend caution using Mixer. Because Microsoft allows 12 and under onto its ID system, it may end up in the same boat as YouTube. It’s probably a matter of time before the FTC targets Microsoft and Mixer with similar actions.

Here’s what Mixer’s terms of service say about age requirements:

User Age Requirements

• Users age 12 years and younger cannot have a channel of their own. The account must be owned by the parent, and the parent or guardian MUST be on camera at all times. CAT should not have to guess whether a parent is present or not. If such a user does not appear to have a guardian present, they can be reported, so CAT can investigate further.
• Users aged 13-16 can have a channel, with parental consent. They do not require an adult present on camera. If they are reported, CAT will take steps to ensure that the parent is aware, and has given consent.

This looks great and all, but within the same terms of service area it also states:

Users Discussing Age In Chat

We do NOT have any rule against discussing or stating age. Only users who claim to be (or are suspected to be) under 13 will be banned from the service. If someone says they are under 13, it is your choice to report it or not; if you do report it, CAT will ban them, pending proof of age and/or proof of parental consent.

If someone is streaming and appears to be under 16 without a parent present, CAT may suspend the channel, pending proof of parental consent and age. Streamers under 13 have a special exception, noted [above].

If you’re wondering what “CAT” is, it stands for Community Action Team (AKA moderators) for Mixer. The above is effectively a “Don’t Ask, Don’t Tell” policy. It also means Mixer has no one to actively police the service for underage users, not even its CAT team. It also means that Mixer is aware that persons 12 and under are using Mixer’s services. By making the above statement, it opens Mixer up to auditing by the FTC for COPPA compliance. If you’re considering using Mixer, this platform could also end up in the same boat as YouTube sooner rather than later considering the size of Microsoft as a company.

Basically, Twitch’s Terms of Service are a better written for creator piece of mind.

➡️ “What is ‘burden of proof’?”

When faced with civil legal circumstances, you are either the plaintiff or the defendant. The plaintiff is the party levying the charges against the other party (the defendant). Depending on the type of case, burden of proof must be established by the plaintiff to show that the defendant did (or didn’t) do the act(s) alleged. The type of burden of proof is slightly different when the action is a civil suit versus a criminal suit.

Some cases requires the plaintiff to take on the burden of proof to show the act(s) occurred. But, it’s not that simple for the defendant. The defendant may be required to bring both character witnesses and actual witnesses which may, in fact, establish a form of burden of proof that the acts could not have occurred. Even though burden of proof is not explicitly required of a defendant, that doesn’t mean you won’t need to provide evidence to exonerate yourself. In the case of a civil FTC action, the FTC is the plaintiff and your channel will be the defendant.

The FTC itself can only bring civil actions against another party. The FTC will be required to handle the burden of proof to prove that your channel not only collected the alleged COPPA protected data, but that you have access to and remain in possession of such data.

However the FTC can hand its findings over to the United States Department of Justice which has the authority to file both civil and criminal lawsuits. Depending on where the suit is filed and by whom, you could face either civil penalties or criminal penalties. It is assumed that the FTC will directly file its legal actions against COPPA as civil suits… but that’s just an assumption. The FTC does have the freedom to request the Department of Justice handle the complaint.

One more time, this article is not legal advice. It is simply information. If you need actual legal advice, you are advised to contact an attorney who can understand your specific circumstances and offer you legal advice for your specific circumstances.

↩︎