Google Violates Children’s Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act (COPPA) was promulgated in 1998. It is not only one of the few federal online privacy laws in the United States, but also the country's first influential law protecting children’s privacy online. Under COPPA, online platforms must obtain parental consent before collecting information about children under 13 years of age. Although COPPA is a United States law, it applies to any website that meets at least one of the following criteria:

  • Websites under the jurisdiction of the United States;
  • Websites hosted on U.S. servers;
  • Websites whose owner is based in U.S. territory;
  • Commercial websites serving the U.S. market.

In other words, companies that acquire users or do business online in the United States must abide by COPPA. Once a violation is found, the US Federal Trade Commission (FTC) is entitled to impose a fine of up to US $200 million under the COPPA Act. As a result, COPPA has been very binding and influential since its introduction.

To create a safe and friendly network environment for children, mobile application stores have introduced their own rules that push developers of games and tools toward COPPA compliance. According to Apple’s App Store regulations, apps in the children’s category must clearly indicate the age rating of the target user, which is divided into three grades: under 5, 6-8, and 9-11. In May 2019, Google announced a new family plan review policy requiring all developers to complete the content rating specifications by September 2019. Otherwise, Google Play has the right to reject or remove the app.

With millions of children now taking online elementary school classes due to COVID-19, Google has seen a huge increase in usage. At the same time, the company is being sued by two entities for violating state and federal child privacy regulations with its other learning tools. According to court documents, the California court action states that Google violated Illinois’ Children’s Online Privacy Protection Act, California’s Unfair Competition Law and the federal Children’s Online Privacy Protection Act (COPPA) by collecting, storing and using children’s biometric identifiers, along with other PII, without the required consent of their parents or guardians. The suit was filed in the U.S. District Court for the Northern District of California by plaintiffs H.K. and J.C., both minors, through their father.

LIFARS Compliance Advisory is designed to understand your compliance needs, ascertain current status, provide remediation guidance, and conduct a post-remediation assessment to ensure compliance with regulatory mandates such as GDPR, CCPA, PIPEDA, FFIEC, NYDFS, HIPAA, HITRUST, PCI DSS, and SOX. LIFARS’ competitive advantage is its proprietary systematic process, developed over a span of 20 years and enriched by some of the most high-profile engagements in the world. The LIFARS methodology outperforms our competitors in the length of engagement and quality of work, incorporating the following industry standards:

  • The Open Source Security Testing Methodology
  • Open Web Application Security Project (OWASP)
  • ISO 27001 Best practices, BS 7799
  • Industry Frameworks (BITS/FSTC/NIST SP 800-30)
  • National Institute of Standards and Technology (NIST) Special Publication 800-115, Technical Guide to Information Security Testing and Assessment
  • Compliance and regulatory frameworks

LIFARS methodology undertakes strict reviews in compliance with ISO 9001, OWASP Top 10 and ISO 27001 requirements. LIFARS Vulnerability Assessments focus on the SANS/FBI Top Twenty list of the most critical vulnerabilities on the Internet.


