A lawsuit accusing Google of breaking America’s child privacy laws will proceed to trial as a judge denied the web goliath’s motion to throw out the case.
Filed in June last year, the suit alleges Google ignored state child privacy laws in California, Florida, and New York, which prohibit targeted advertising to children under the age of 13 and collecting their data.
Specifically, the suit is going after Google for setting up a program in 2015 called Designed for Families (DFF). That essentially allowed developers to declare their apps were all above board regarding advertising to children and that only appropriate content would be shown. Apps verified as such by the DFF program would be presented to parents in the Google Play store as safe for kids.
The suit alleges apps were wrongly labeled under the DFF program and as such youngsters ended up using software that unlawfully invaded their privacy. The key thing here is that if developers told Google their apps were primarily intended for under-13s, they would not be allowed to use those kids’ data and target them with behavioral advertising. But if the developers said their apps were for a “mixed audience” or “not primarily intended for children,” then targeted ads and data collection was OK under the DFF.
Thus, the lawsuit claims, app makers were incentivized to label apps clearly intended to be used by under-13s as safe for a “mixed audience” to ensure they still bag some lucrative targeted advertising revenue of which Google got a cut. Those apps would get a stamp of approval by the DFF program, and parents would think the software is fine for children of all ages, young and older. That means under-13s ultimately ended up using supposedly family-friendly apps that targeted them with ads, which is against the law, the suit argued.
As we put it this time last year, Google was thus sued for violating kids’ privacy through a program intended to protect kids’ privacy.
The Chrome giant responded by filing a motion to dismiss the suit entirely, with part of their argument [PDF] being that the complaint was simply invalid. Part of Google’s reasoning was that the plaintiffs’ complaint didn’t fully cover basic facts, such as when the alleged infractions took place, which the Chocolate Factory says may well be pertinent because the relevant statute of limitations says its supposed misdeeds can’t be brought to court if they took place before June 22, 2019.
In other words, Google says the plaintiffs waited too long to file their lawsuit, pointing out that the specific DFF-approved apps mentioned, those made by Tiny Lab, were removed from the Google Play Store in September 2018.
Google also made other arguments, such as that there was no “real or immediate threat” that any children’s data collected back then would be used again, and that the state laws didn’t matter as long as Google compiled with the Federal Children’s Online Privacy Protection Act (COPPA). It also argued there was “no reasonable expectation of privacy” anyway, “given Google’s public disclosures regarding data collection and use.”
District Judge Casey Pitts, however, was not very sympathetic to the search engine giant’s arguments, and on Tuesday denied the motion to dismiss, writing [PDF] that pretty much everything the Google legal team argued to get the case tossed out was wrong.
One important thing Judge Pitts points out was that Google argued as if the main problem was the individual apps used by the children represented in the lawsuit, even though the plaintiffs focused on the DFF program as the bigger issue and only brought up Tiny Lab as an alleged example of how the DFF would encourage the mislabeling of privacy-busting software as safe for kids to use.
To reiterate, the lawsuit is about the alleged failings of the DFF in that it drew kids to play games and similar apps that targeted them with ads.
Consequently, Judge Pitts said the tech giant can’t set the date of the supposed unlawful actions to September 2018 (when it removed Tiny Lab from the Google Play Store) or beforehand, because the DFF program was only axed in 2021 after the mega-corp settled a lawsuit brought by the New Mexico state government, and 2021 is well within the statute of limitations.
The judge also said that there’s no evidence that the data of the children represented in the lawsuit is actually gone for good, which provides enough ground for the lawsuit.
Furthermore, Judge Pitts argued that compliance with COPPA doesn’t provide absolute protection from state law, but even if it did, he said the plaintiffs have a plausible claim under COPPA anyway. The judge also said the claims regarding state-level laws are also valid.
It appears the trial will go forward after all, though a schedule for the proceedings has not been set yet. The Register has reached out to Google for comment. ®