Judge Freeman of the U.S. District Court for the Northern District of California dismissed a class action against Google and several YouTube channel owners alleging various violations under California state law.  Plaintiffs alleged Defendants infringed their children’s privacy and consumer rights by collecting personal information and delivering targeted advertisements while they viewed child-directed YouTube videos.  However, the court found that Plaintiffs’ claims were expressly preempted by the federal Children’s Online Privacy Protection Act (“COPPA”), and dismissed the case with leave to amend.

The parties agreed that Plaintiffs’ claims were predicated on COPPA.  Plaintiffs argued that COPPA’s statutory text preempts state laws only to the extent that they are “inconsistent” with the statute, and that such claims were not inconsistent.  The court rejected Plaintiffs’ position, agreeing instead with Defendants’ argument that COPPA provides for a specific enforcement scheme that omits a private right of action and rests enforcement authority solely on the Federal Trade Commission, certain other federal agencies for specific regulated entities, and state attorneys general.  The court wrote that “this scheme is clear, detailed, and does not leave room for state laws to impose additional liability.”  It further stated that “allowing private plaintiffs to bring suits for violations of conduct[] regulated by COPPA, even styled in the form of state law claims, with no obligation to cooperate with the FTC,” would be inconsistent with the treatment of COPPA violations as outlined in the statute.

The court rejected Plaintiffs’ arguments advocating for a presumption against preemption, which it found to be contrary to U.S. Supreme Court precedent, and it stressed the Ninth Circuit’s focus on statutory text in prior cases addressing preemption.  It also distinguished other recent decisions involving state law claims based on COPPA violations, including In re Nickelodeon Consumer Privacy Litigation, Manigault-Johnson v. Google, LLC, and New Mexico ex rel. Balderas v. Tiny Lab Prods.  In those cases, Judge Freeman noted, other allegations that went beyond COPPA were at play, preemption was not an issue, or the state attorney general was the entity seeking to enforce the COPPA violations (in line with the law’s statutory enforcement scheme).

The court’s decision reiterates that the enforcement scheme provided by COPPA is specifically prescribed and not unlimited.  This lesson is worth remembering in light of recent and growing interest in children’s privacy litigation.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.