In case you missed it: Michigan’s Attorney General has filed a lawsuit against Roku, alleging that the company collects and shares children’s personal data and video viewership data in violation of COPPA and the VPPA, respectively.
[Press Release: https://lnkd.in/et6_ug_n ]
The complaint claims Roku systematically gathers sensitive information from children—including voice recordings, geolocation, and browsing history—without proper parental notice or consent, and shares this data with third parties. The complaint contrasts Roku’s child-facing experiences (which lacks children’s profiles) against similar platforms that allow parents to set up and manage their children’s viewing experience.
Why it matters: Children’s privacy and online safety remain a focal point for regulators.
Our take: The complaint takes an expansive view of COPPA applicability, namely that persistent identifiers tied to child-directed TV channels is enough to trigger the statute’s applicability (even when Roku might not have had any knowledge of which members in a household actually viewed those channels). If you’ve considered COPPA inapplicable to your company in the past, consider re-evaluating your company’s approach to COPPA in light of that theory.
