On Sept. 12, New Mexico’s Attorney General Hector Balderas announced a lawsuit against a group of tech companies – including Google and Twitter – for jeopardizing children’s safety and privacy in ways that are in violation of child protection laws, including the Child Online Protection Act (COPPA). While major tech platforms and advertisers are named in the lawsuit, it’s explicitly directed at Tiny Lab Productions, a smartphone game developer. Tiny Lab’s alleged behavior, involving the capture and use of children’s location data (among other things), is emblematic of a broader problem in the tech industry. That’s why we’re not only digging into the details of this lawsuit, but also describing the reasons why it’s so timely and significant. Keep reading to learn more about both the suit and what it means for parents and families.

What are the full details of the lawsuit?

As stated above, the lawsuit addresses several companies but is primarily concerned with Tiny Lab Productions, a Lithuanian mobile game developer with over 80 games available for download on smartphones. Forensic analysis of the code present in Tiny Lab Productions’ apps revealed that there were instances of certain types of software development kits (or SDKs) that feed user information to a developer’s advertising partners. In this case, it appears that Tiny Lab Productions collected the geolocation data of app users as well as device information and IP addresses, both being other types of metadata that can be cross-referenced to potentially personally identify someone. The lawsuit includes entities like Twitter and Google as well as advertising platforms like MoPub, AerServ, InMobi, PTE, AppLovin and IronSource.

Google specifically received blamed because Tiny Lab Productions’ apps are sold in Google’s app store. While Google’s developer standards prevent apps from tracking children under 13, the lawsuit claims that Tiny Lab Productions circumvented this through a technicality. By enrolling some of its apps in Google’s “Designed for Families” program, Tiny Labs Productions was allowed to place its games alongside more general purpose apps for multiple age ranges. This technicality is fairly reminiscent of the Cambridge Analytica scandal, where a third-party developer bypassed Facebook’s developer rules because the company failed to enforce them properly. In this case, though, the lawsuit is alleging that Google had knowledge of this deception and did nothing about it until it was too late. As of Sept. 10, Tiny Lab Productions has been banned from Google’s Play Store for “repeated violations” of Google’s policies, though the developer insists the issue is that users aren’t reading the terms of service. Tiny Lab Productions maintains that data isn’t tracked for anyone under 13; however, should a user indicate that they are over that age, their information is legally collected, as specified by COPPA.

Tiny Labs Productions allegations point to a bigger problem

The Tiny Labs Productions lawsuit is actually the continuation of a story from earlier in the year. Back in April, security researchers, looking at a sample of 5,855 apps in Google’s Play Store that were listed under the Designated for Families program, found that 28% of these apps accessed “sensitive data” and 73% “transmitted sensitive data over the Internet,” as noted by the study. Some of the apps identified in this study are, in fact, Tiny Lab Productions’ apps but there are many other developers named, implying that there could be a whole ecosystem of apps like this. This study is referenced within New Mexico’s lawsuit, and it notes that even after learning about the research and talking with researchers, Google failed to take COPPA compliance seriously. Attorney General Balderas, who brought the suit forward, sees his lawsuit as a potential wake-up call for federal and state governments, suggesting that he knows that the problem extends far beyond just Tiny Lab Productions. Beyond mobile apps, it appears that a lot of platforms have or possibly still continue to capture children’s information recklessly. For example, Disney faced a lawsuit over this behavior in 2017 and YouTube had an FTC complaint filed against it earlier this year regarding this issue.

How can you protect your children from data collection?

We’ve talked before about how much data children’s activities online generate and how insecure the applications and devices they use can be, which is why it’s important to keep abreast of news like this. Aside from this, here’s what else you should keep in mind when it comes to protecting your child’s information online:

1. Limit exposure to technology for younger kids. Bill Gates and Steve Jobs were famously low-tech parents. Regardless of their reasons, over the past several years, developmental psychology has found that excessive use of technology – especially for young kids – can have adverse effects, something we talked a bit about in our post on social media and its effects on kids. Limiting your child’s time with technology can address this issue, and it has the added benefit of making it less likely your child will be consistently tracked by tech companies.

2. Supervise their play sessions. You need to be aware of the ways in which your child uses devices and programs, and supervising them is a great way to do so. That’s because while supervising your child, you can enforce reasonable time limits as well as help them have a grounded relationship with technology.

3. Read the terms of service for any device/program your child uses. In a recent NextAdvisor survey, we found that many people believed they understood “the gist” of many terms of service documents, but when it comes to children, it’s critical that you understand all of the terms in an agreement. Since a child is going to be the primary user, and they don’t have the knowledge needed to understand what they’re consenting to when they play a mobile game or use an online-enabled toy, it’s imperative that a parent is fully aware of the developer’s terms. It only takes one or two hidden clauses to justify data collection. In fact, before even allowing a child to play with a device or download an app, you should understand its features and review its user agreement. If you spot something you don’t like, opt to not let your child play with the game or toy. Need help transcribing terms of service agreements? Take a look at our guide on reading terms of service agreements for ideas on how to approach that.

For more relevant and timely tech news that impacts you, keep reading our technology blog.