Privacy & Cybersecurity Law Blog

On September 25, 2020, the District Court of New Mexico granted Google’s motion to dismiss a lawsuit filed on February 20, 2020, by New Mexico Attorney General Hector Balderas alleging, among other claims, that the company violated the federal Children’s Online Privacy Protection Act (“COPPA” or the “Act”) by using G Suite for Education to “spy on New Mexico students’ online activities for its own commercial purposes, without notice to parents and without attempting to obtain parental consent.”

Google asserted that it complied with COPPA, in line with Federal Trade Commission guidance, by using schools as intermediaries or the parent’s agent for parental notice and consent. The Court concluded that the State had failed to state a claim for relief that Google violated COPPA in relying on schools to serve as the parent’s agent and/or to act as intermediaries between Google and the parents in the notice and consent process. The State has until October 13, 2020, to file an amended complaint to state a COPPA claim that is “plausible on its face.” Otherwise, the claim will be dismissed with prejudice.

This action is one of two brought by the New Mexico Attorney General to enforce COPPA. In September 2018, Attorney General Balderas filed suit against certain ad networks (including Google, Inc., AdMob, Inc., Twitter, Inc., MoPub, Inc., AerServ LLC, InMobi PTE Ltd., Applovin Corp., and ironSource USA, Inc.) and app developer Tiny Lab Productions, alleging that they violated COPPA by failing to obtain verifiable parental consent to collect from children under the age of 13 and failing to give notice of the data collection and use. Specifically, under COPPA, app developers are strictly liable if personal information is collected from children in a manner that violates the Act, and ad networks may be held liable for the collection of personal information from child app users if they have “actual knowledge” that the apps in which their SDKs are embedded are directed to children. In April 2020, certain claims in this suit were dismissed against the ad networks for failure to adequately allege that some of the ad exchanges had actual knowledge that the app developer’s apps were child-directed.