At first glance, websites designed for children appear safe and wholesome—offering playful games, educational tools, and cheerful cartoon mascots. But beneath the friendly surface lies a troubling reality: widespread surveillance, exploitative advertising, and a lack of regulatory oversight. A recent investigation into more than 2,000 children’s websites has uncovered alarming practices, revealing that nearly all of them use hidden tracking technologies—and many serve behaviorally targeted ads that promote everything from mental health “cures” to sexually suggestive services.

Figure 1. Children’s Websites Riddled with Tracking .

The study, conducted by a team of privacy and cybersecurity experts, didn’t rely on assumptions or pre-existing lists. Instead, the researchers developed a custom classifier to identify websites specifically aimed at children, analyzing metadata from over two million pages. They then conducted in-depth crawls using advanced tools across five regions and multiple device types, resulting in one of the most extensive audits of child-focused websites to date.

The findings are stark: approximately 90% of the websites embedded third-party trackers—invisible scripts and cookies that collect information about users’ behavior, devices, and browsing habits. Furthermore, 27% of the sites served behaviorally personalized ads, a practice that should legally require parental consent in many jurisdictions. Yet, the study found no effective consent mechanisms in place.Figure 1 shows Children’s Websites Riddled with Tracking .

What’s even more concerning is the nature of some of the ads shown. Using machine learning and image recognition tools, the team analyzed tens of thousands of ad creatives. They discovered promotions for dating sites, weight loss products, and even sex toy retailers. Some ads featured provocative images or emotionally manipulative text designed to draw clicks. These weren’t buried deep within shady corners of the web—they appeared alongside children’s games, coloring pages, and educational activities targeted at elementary schoolers.

From a legal perspective, this raises serious red flags. In the U.S., the Children’s Online Privacy Protection Act (COPPA) bars data collection from users under 13 without verified parental consent. In the EU, GDPR and the forthcoming Digital Services Act ban behavioral targeting to minors entirely [1]. Despite these protections, enforcement is uneven at best—and as this investigation shows, many sites either ignore the rules outright or work with ad networks that do.

The custom crawler didn’t just monitor visible content. It also simulated user interaction with cookie banners, recorded session visuals, and scraped ad disclosures to identify whether ads were explicitly personalized. Of those sites with transparency pages, over 70% admitted to using behavioral targeting.

One of the most unsettling findings was that many websites claiming COPPA compliance loaded tracking scripts before any user interaction, violating the law from the moment a child accessed the site. Worse still, many of these trackers connect to major ad networks and data brokers—entities that specialize in building detailed user profiles, potentially including underage users who cannot legally give consent.

The broader implications are clear: this isn’t just a technical lapse, but a systemic failure of policy and enforcement. Despite well-established privacy laws, compliance is inconsistent, and the digital advertising ecosystem continues to expose young audiences to inappropriate content. Until regulators strengthen enforcement and developers prioritize privacy, children’s websites will remain a vulnerable point in the digital landscape—open to tracking, exploitation, and harm.

References:

1. https://www.digitalinformationworld.com/2025/05/widespread-tracking-and-inappropriate.html#google_vignette

Cite this article:

Keerthana S (2025), Children’s Websites Riddled with Tracking and Inappropriate Ads, Study Finds, AnaTechMaz, pp.261