How Publishers Can Become COPPA Compliant?

Updated on: January 5, 2024
If you aren't familiar with COPPA and how to make Google Ad Manager and Prebid COPPA compliant, then you are in the right place.

Every time there’s a new privacy law, the entire ad tech industry has to revert with the platform updates and changes in the supply chain. Sometimes, we end up creating a new platform itself. Think, how CMPs went from conception to adoption in a matter of months because of GDPR. As a publisher, you should never be out of the loop and keep up with the policy changes and updates from the platforms and the industry in general. 

Recently, Google Ad Manager, the most-used ad server updated how it handles child-directed ad requests and most of the publishers weren’t aware of the changes let alone prepare for it. If you are a publisher running header auctions, then you are likely to use Google Ad Manager and a wrapper in tandem. 

In this case, this is something that you should do to ensure the bids from header bidding partners are being considered in determining the winner. If you didn’t do anything, your AdX revenue will spike and that’s not a good sign. 

Let’s not get right into it. We’ll start with the basics and then detail the changes to help you prevent any unintended revenue drop.

What is COPPA?

In case you didn’t know, COPPA (stands for Children’s Online Privacy Protection Act) is a U.S federal law that took effect in April 2000. It limits the services providers and publishers on the Internet from collecting children’s data without “verifiable parental consent”. 

If you are a publisher with content that’s specifically made for children or you have “actual knowledge” of attracting children, then you need to put a proper notice on data you are collecting, intended use, third-parties involved, and their use cases on all the pages. Most importantly, you are required to get consent from parents in advance before collecting/processing children’s data. 

So, if you are running ads on your site, then you have to ensure that they [ads] are non-personalized. To put it another way, you can only run contextually-targeted ads to the children. 

COPPA 2013 Update

When COPPA came into effect, it didn’t include services like ad networks and plug-ins. But with its 2013 update, COPPA included both sites and services such as plug-ins or advertising networks that collect personal information from the site visitors. 

As an ad network/platform, Google had to update its platforms. So, Google asked its publishing partners to flag sections/page of the site with chid-directed content via search console and its advertising platforms — AdSense and DFP enabled publishers to send child-directed ad requests. If you send child-directed ad requests, then Google won’t serve interest-based ads to those requests. 

How to Send Child-direct Ad Requests?

a. Search Console:

If you are a publisher with a section of content or specific domains directed to the child, then you can tag the respective sections/subdomains using Search Console. All the pages under the section or sub-directory or subdomain will be considered child-directed and Google would disable interest-based advertising for the pages.

COPPA - Search Console

b. GPT Tag:

But for most of the sites, there’ll be only a couple of pages (if at all) with child-directed content, and tagging an entire section or sub-directory won’t be necessary. In this case, you can send child-directed ad requests via GPT tag from the pages where you wouldn’t want to run interest-based ads. 

The rest of the pages can serve personalized ads as usual. You have to flag the ad request with child-directed status with the following API call: 

googletag.pubads().setTagForChildDirectedTreatment(int options);

Int is 1 – For marking ad request as child-directed. 

Int is 0 – For marking ad request as not child-directed. 

What if your site doesn’t attract any children?

There’s a chance that your content isn’t targeted at children and as a result, you aren’t attracting them. In such a case, it’s agreeable to not mark the ad requests with child-directed status. You can continue serving ads without updating GPT. 

Here’s what is interesting. Whatever we have discussed till now isn’t new. Publishers have been sending child-directed ad requests to Google for years and there wasn’t any need to update the Google Ad Manager setting. 

But Google quietly changed the line item delivery options last month and it’s news for almost all the publishers. Specifically, it added a “child-directed ads” option in “Adjust Delivery” and if you aren’t deliberately selecting “Allow to serve on child-directed requests”, the line item is blocked from serving ads for child-directed requests. 

COPAA Line items - GAM

It can’t serve contextual-targeted ads as well. What’s the worst part?

The new ad delivery update applies to your price priority line items, but not the Google Ad Exchange/AdSense line items. As all the bids from header bidding will be captured by price priority line items, your header bidding is basically nullified. Google AdX will be winning the auction without any competition from header bidding partners. 

Sidenote: We are only talking about child-directed ad requests here. 

Here’s what happening:

When a child-directed ad request is generated, your header bidding partners bid for the ad impressions (based on the contextual information available) and the bids are sent to Google Ad Manager. 

Google Ad Manager takes a bid from Google AdX and then puts all the bids (from header bidders and Google AdX) to compete with each other. If you haven’t updated the price priority line item with “Allow to serve on child-directed requests”, then Google just blocks the line items and so the bids from header bidding are excluded. Google AdX wins the auction. 

So, if you haven’t updated the line items, you wouldn’t see the drop in revenue immediately. Google AdX revenue will spike and the impression share will shift to Google Ad Exchange. 

Sidenote: You need to update ‘Ad delivery’ for all the line item types except Ad Exchange line items. So, it applies to your sponsored/standard line items as well.

Online Privacy laws are one of the raising concerns for the publishers. If you’re curious to know more about how you can deal with different upcoming and existing Privacy Laws for the publishers, we have made a guide for you!

What’s Next?

1. Are you sending child-directed ad requests? Then, first off, ensure that the line items are being allowed to serve ads to child-directed requests. Pull out reports to check whether the demand partners from the header auctions are winning or not.

2. Ensure you are sending the COPPA flag to the header bidding partners as well. Similar to Google, demand partners will have to serve (bid for) non-personalized ads. If you are using Prebid.js, then you can mark the header bidding ad requests with COPPA status with the following API call. 

pbjs.setConfig({coppa: true});

You also need to check with the demand partners for COPPA support. As listed in Prebid, some of the adapters aren’t COPPA supported and hence, they can’t deliver non-personalized ads even if you send the flag. In those cases, you have to block them from serving ads. 

News and Tips for Publishers

Get the inside scoop on publishing and programmatic with our 5-minute newsletter.