Blog

California AG Settles with Tilting Point Over Children’s Data Collection

Julie Rubash, General Counsel and Chief Privacy Officer
June 24, 2024
California AG Settles with Tilting Point Over Children's Data Collection

USA

California AG Settles with Tilting Point Over Children’s Data Collectione

The California Attorney General and LA City Attorney announced a $500,000 settlement with Tilting Point Media based on allegations the mobile game company collected and shared children’s data for targeted advertising without parental consent in violation of the CCPA and COPPA. This is the third public AG settlement under the CCPA. In addition to paying the settlement amount, Tilting Point will be required to comply with a list of injunctive terms, including requirements to obtain parental consent for children under 13, obtain “opt-in” consent for children age 13-15, use a compliant age screen, and implement an SDK governance framework to review the use and configuration of SDKs within its apps.

TAKEAWAY

Although the app at issue, SpongeBob: Krusty Cook-Off, contained an age screen, the investigation leading to the settlement found that the screen did not ask age in a neutral manner to encourage children to enter their age correctly. In addition, Tilting Point was found to have inadvertently misconfigured third-party software development kits (SDKs), resulting in the collection and sale of kids’ data without parental consent.

New York Enacts Law Applicable to Data of Minors Under 18

The New York Child Data Protection Act, which will take effect in June 2025, will impose certain obligations on operators of digital services “primarily directed to minors under 18” or that have actual knowledge (including through browser or device signals) of users under 18. Such operators must obtain “informed consent” for processing of minor data that is not strictly necessary, which consent must be separate from other transactions and must give users a clear option to refuse consent as the most prominent option. The law was enacted along with another children’s privacy law, the SAFE for Kids Act, which is more narrowly applicable to certain social media applications.

TAKEAWAY

California’s attempt to extend data privacy protections to minors under 18, the California Age Appropriate Design Code, was enjoined based on a finding that first amendment claims against it were likely to succeed. The ruling is currently pending appeal. The New York law contains several elements that differentiate it from the California law, however, including a narrower application to services “primarily directed to minors” as opposed to the broader application of the California to services “likely to be accessed by children.”


Looking for guidance on all the U.S. States’ privacy regulation? Download Sourcepoint’s Ultimate Guide to U.S. State Privacy Laws.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

FTC and Sensitive Location Data; New Pen Register Class Actions

December 9, 2024

FTC takes action against the sale of sensitive data...

California CPPA Issues Notice of Proposed Rulemaking

November 25, 2024

News out of California this week. The CPPA moved...

Mitigating risk under the Video Privacy Protection Act (VPPA)

November 23, 2024

Because VPPA is just one of many tools being...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]