Google subsidiary YouTube is the latest general audience site to face mass fines over Children's Online Privacy Protection Act violations, according to reports this week, a sign general counsel may want to rethink their compliance approach.

Alphabet Inc.'s Google settlement comes just months after the Federal Trade Commission slapped another general audience site, TikTok, with a record-setting $5.7 million COPPA violation fine. Tyler Newby, co-chair of Fenwick & West's privacy and cybersecurity practice group, said the TikTok fine marked “a shift in how the FTC approaches COPPA enforcement.”

Michelle Cohen, a member attorney at Ifrah Law, said many companies used to safely assume that if their site wasn't targeted at children under 13, they weren't liable under COPPA. But that's no longer the case.

Even if a site is open to all audiences, such as YouTube or TikTok, the lawyers said features like bright colors or emojis could lead the FTC to classify it as a platform appealing to children.

“I think having some mechanisms is certainly better from a regulatory, compliance [and] defense perspective than just saying, 'Well, our website is not designed for kids and so we're not responsible for COPPA,'” Cohen said.

Those defense mechanisms could differ for each company, the lawyers said. A good first step is figuring out whether a platform truly is general audience, or whether aspects of the site target young children.

Newby said it should be easy for users to submit notices flagging concerns about children on the platform. Offering a contact point shows sites are making an effort, Cohen said. And if notices are flooding in, or are reporting similar parts of the site repeatedly, those concerns should be brought to legal.

“If you receive a lot of notices that many users, thousands of users, are under 13, then you can't really just treat those as individual one-offs,” Newby said. “You need to reassess whether you are in fact a general audience site or whether you're directed to children under 13.”

If parts of the site are likely to attract young children, Newby said general counsel may consider putting an age gate for that content that would block user data collection or prompt verifiable consent questions in compliance with COPPA.

And make sure data collection is actually altered for children under 13. Newby said he's seen companies fined for “self-inflicted” issues more than once, establishing age gates to weed out young children but forgetting to change data collection processes.

Companies can also double-check users' ages as they sign up for the site. Cohen suggested platforms prompt users to input their birthdays or ages more than once, to catch children who may be using a fake date to access the site.

“You can't turn a blind eye,” Cohen said. “You can't watch everything, but you also can't say, 'Oh, I'm this general website,' when some of your biggest [users] are young kids.”

Read More: