New Mexico Attorney General Hector Balderas filed a lawsuit last week against Google, Twitter, and a number of other smaller tech companies for allegedly tracking children online without parental consent.
Google and Twitter did not make the apps that allegedly violated a federal child-privacy law. Instead, the companies “marketed” these apps through their platforms, according to Balderas’ office.
In addition to Google, the lawsuit names Tiny Lab Productions, Twitter’s MoPub platform, AerServ, InMobi PTE, AppLovin, and IronSource. It states that the former has created apps—which are marketed in Google’s Play Store—that are equipped with illegal tracking functionality. The Children’s Online Privacy Protection Act (COPPA)—a law protecting the privacy of children under the age of 13—was passed in 1998 but overhauled in 2012 to apply to social networks and smartphone apps.
“These apps can track where children live, play, and go to school with incredible precision,” Attorney General Hector Balderas said in a press release. “These multi-million-dollar tech companies partnering with app developers are taking advantage of New Mexican children, and the unacceptable risk of data breach and access from third parties who seek to exploit and harm our children will not be tolerated in New Mexico.”
A press release from Balderas’ office lists 91 apps for improperly tracking children online. They are all developed by Tiny Lab, and a majority were part of Google’s Designed for Families program before Google banned the developer. Tiny Lab, however, states on its website that they are “not violating COPPA in any way as far as we know.”
Google told Gizmodo in a statement that it banned Tiny Lab from its Play Store on September 10 for “repeated violations” of its policy. We have reached out to Tiny Lab for comment and will update when we hear back.
“When developers submit an app to Google Play, they must declare whether it is primarily directed to children,” the spokesperson said. “Apps in our Designed for Families program must comply with more stringent policies related to topics like age-appropriate ads and privacy disclosures, as well as COPPA and other applicable laws. We’re constantly working to improve the program, and always appreciate insights like the reports we received from the Berkeley research team.”
A Twitter spokesperson told Gizmodo in an email that Tiny Lab was suspended from MoPub—an app advertising platform owned by Twitter—in September of last year “for violating our policies regarding child-directed apps.”
Tiny Lab posted the defense on its website earlier this year, shortly after university researchers and computer scientists found that of thousands of apps in Google’s Designed for Families program might be violating children’s privacy laws.
Many companies have a checkered past when it comes to protecting children’s privacy, especially as toys and games for kids have increasingly moved online. In 2017, a class-action lawsuit against the Walt Disney Company alleged that the company let ad tech companies collect children’s personal information through their apps. In January of this year, smart toy maker VTech Electronics settled the Federal Trade Commission’s first case involving a smart toy, paying over $650,000 for violating COPPA. In April, child privacy advocates filed a FTC complaint against YouTube for allegedly illegally collecting the data of children under 13 without parental permission. No wonder child health advocates don’t want kids to get too online too early.
As Josh Golin, executive director of the Campaign for a Commercial-Free Childhood (CCFC), told Gizmodo in April: “It’s just fundamentally unfair to use Google’s powerful behavioral targeting on a child that doesn’t yet understand what’s going on.”