California AG Settles with Tilting Point Over Children’s Data Collection

Julie Rubash, General Counsel and Chief Privacy Officer
June 24, 2024
California AG Settles with Tilting Point Over Children's Data Collection


California AG Settles with Tilting Point Over Children’s Data Collectione

The California Attorney General and LA City Attorney announced a $500,000 settlement with Tilting Point Media based on allegations the mobile game company collected and shared children’s data for targeted advertising without parental consent in violation of the CCPA and COPPA. This is the third public AG settlement under the CCPA. In addition to paying the settlement amount, Tilting Point will be required to comply with a list of injunctive terms, including requirements to obtain parental consent for children under 13, obtain “opt-in” consent for children age 13-15, use a compliant age screen, and implement an SDK governance framework to review the use and configuration of SDKs within its apps.


Although the app at issue, SpongeBob: Krusty Cook-Off, contained an age screen, the investigation leading to the settlement found that the screen did not ask age in a neutral manner to encourage children to enter their age correctly. In addition, Tilting Point was found to have inadvertently misconfigured third-party software development kits (SDKs), resulting in the collection and sale of kids’ data without parental consent.

New York Enacts Law Applicable to Data of Minors Under 18

The New York Child Data Protection Act, which will take effect in June 2025, will impose certain obligations on operators of digital services “primarily directed to minors under 18” or that have actual knowledge (including through browser or device signals) of users under 18. Such operators must obtain “informed consent” for processing of minor data that is not strictly necessary, which consent must be separate from other transactions and must give users a clear option to refuse consent as the most prominent option. The law was enacted along with another children’s privacy law, the SAFE for Kids Act, which is more narrowly applicable to certain social media applications.


California’s attempt to extend data privacy protections to minors under 18, the California Age Appropriate Design Code, was enjoined based on a finding that first amendment claims against it were likely to succeed. The ruling is currently pending appeal. The New York law contains several elements that differentiate it from the California law, however, including a narrower application to services “primarily directed to minors” as opposed to the broader application of the California to services “likely to be accessed by children.”

Looking for guidance on all the U.S. States’ privacy regulation? Download Sourcepoint’s Ultimate Guide to U.S. State Privacy Laws.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Unlimited Data Export for Easier Privacy Audits and CMP Disclosures

July 12, 2024

Keeping track of all your tracking technology partners to...

What is Global Privacy Control? Frequently Asked Questions

July 9, 2024

How does Global Privacy Control work? How is it...

Comprehensive Privacy Laws Take Effect in Texas and Oregon

July 9, 2024

Now in effect: privacy laws in Texas, Oregon, and...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]