Privacy & Information Security Law Blog

On November 27, 2020, New Mexico Attorney General Hector Balderas filed a notice of appeal to the U.S. Court of Appeals for the Tenth Circuit in the lawsuit it brought against Google on February 20, 2020, regarding alleged violations of the federal Children’s Online Privacy Protection Act (“COPPA”) in connection with G-Suite for Education (“GSFE”). As we previously reported, the U.S. District Court of New Mexico had granted Google’s motion to dismiss, in which it asserted that its terms governed the collection of data through GSFE and that it had complied with COPPA by using schools both as “intermediaries” and as the parent’s agent for parental notice and consent, in line with Federal Trade Commission Guidance.

COPPA prohibits website operators from collecting data from children under the age of 13 without parental consent. According to the FTC’s COPPA FAQs, in cases where operators contract with schools to offer online programs “solely for the benefit of their students and for the school system,” schools may act “as the parent’s agent and can consent under COPPA to the collection of kids’ information on the parent’s behalf.” The FAQs indicate that a school’s ability to consent on parents’ behalf is limited to the “educational context authorized by the school” (i.e., where the operator collects personal information from students only for the use and benefit of the school, and for no other commercial purpose). According to separate guidance from the FTC, in cases where consent is required (e.g., where an operator intends to use or disclose the children’s personal information for its own commercial purposes in addition to the provision of educational services) the school may act as the intermediary in providing notice and obtaining consent from parents.

The State had alleged that Google was using GSFE to “spy on New Mexico students’ online activities for its own commercial purposes, without notice to parents and without attempting to obtain parental consent.”