Cybersecurity & Data Privacy

COPPA Class Action Child Data Protection Lawsuits

Class Actions Filed Against The Walt Disney Company & Viacom, Others, For Violation of Child Privacy Laws

On August 7, 2017 and August 3, 2017, Lieff Cabraser and co-counsel filed federal class action lawsuits against The Walt Disney Company and against Viacom, respectively, alleging that Disney and Viacom violate state and federal privacy protection laws by exporting children’s personal information from mobile games aimed at children to advertising networks without the parental consent required by federal and state law.

If you suspect your child’s data may have been improperly acquired or used by a smartphone game or app in violation of COPPA and other consumer protection or privacy laws, please call us today at 1 800 541-7358 or use the form below. We welcome the opportunity to speak with you about the case.

First Name (required)

Last Name (required)

Email address (required)

Street Address




Telephone Day

Telephone Eve

How did you find our site?

Are you currently represented by an attorney?

Please provide any details or concerns about your child's game and app use:

Any additional comments:

Please sign me up for your Consumer Law newsletter. Yes

 VIDEO: USA Today, “Disney Sued for Reportedly Tracking
Children Through Mobile Games Illegally”

Lawsuit Against Kiloo & Sybo Over Subway Surfers Child Privacy Violations

Earlier, on July 31, 2017, we filed a separate class action lawsuit alleging that popular mobile app game Subway Surfers similarly violates privacy protection laws in the export of children’s personal information to advertising networks, again without obtaining required parental consent. That suit was brought against Kiloo ApS and Sybo ApS, the Danish companies that developed Subway Surfers. The game, directed to children under 13 years of age, has more than a billion downloads and is one of the most played games worldwide.

Apps & Games Exposing Kids to Illegal Data Gathering and Invasion of Privacy

The suit also alleges that certain other Kiloo or Sybo game apps also violate privacy laws. The other games referenced in the complaint are Frisbee Forever, Frisbee Forever 2, Spellbinders, Smash Champs, Tesla Tubes, Storm Blades, and Blades of Brim. Also named as defendants in the suit are the companies that embedded software in Subway Surfers to collect and export the children’s personal information. These defendant ad tech companies are AdColony, Chartboost, Flurry, Inc. and Altaba Inc., InMobi Inc. and InMobi Pte. Ltd, Ironsource Ltd. and Ironsource USA, Inc., Tapjoy, Inc. and Vungle, Inc. Plaintiffs allege that Kiloo and Sybo allowed ad tech companies to embed their tracking software into their gaming apps to collect, use, and disclose their children’s personal data in order to target them with advertisements.

What is The Children’s Online Privacy Protection Act (“COPPA”)

In 1999, Congress enacted the Children’s Online Privacy Protection Act (“COPPA”) to protect the safety and privacy of children online, and the autonomy of their parents, by providing parents the means to halt developers and third-party advertisers from snooping on and profiting from their children.

Many parents do not know that countless web and smartphone apps, including those created for children, are engineered to unlawfully exploit and commercialize underage users’ activity through hidden tracking technologies. As alleged in the complaint, these technologies unlawfully and surreptitiously collect and send data, including the users’ personal information, from the mobile device or tablet to third-parties. App developers and other third-parties then reap millions of dollars in profit from this personal information through lucrative targeted advertising.

Third Party Ad Networks May Be Improperly Accessing Your Child’s Data

COPPA requires app makers and site owners to strongly restrict the use of all information taken from and about child users 13 and younger. In addition to expressly requiring parental consent for all data, there are significant restrictions on the types and methods of marketing that can be made towards child users and leveraging those users’ data. These restrictions apply not just to app creators and site owners, but to any third-party networks and vendors that might place cookies in apps and sites to harvest and aggregate child data.

Child Privacy Data Breaches Are On The Rise

Recent widespread media reports highlight privacy dangers in child toys, including the exposure of voice recordings in toy pets and child info leaked from mobile app toys and games. Child data exposure dangers are unfortunately real, and increasing vigilance is required of parents as their kids’ info is improperly acquired or child data is leaked or improperly taken online.

Is My Child’s Data Safe?

Security issues and flaws relating to apps and Internet-connected children’s toys and games are also on the rise. Lawsuits allege that, in 2015, more than 6 million children’s names, ages, and genders were disclosed along with other related information when the leading manufacturer and distributor of digital learning toys, V-Tech, suffered a simple but devastating hack to its databases. A similar attack on allegedly insecure data stores affected Hello Kitty’s San Rio Town online in late 2015 as well.

Children’s data is increasingly vulnerable to improper acquisition and misuse. Many feel app makers have neglected their duties to safeguard the personal information of kids who are the consumers of the products they develop and distribute. A child’s name, age, location, birthdate, spoken language, and gender can be harvested easily, then misused for overreaching or inappropriate marketing purposes, all in violation of COPPA privacy laws. There are other risks as well– this data becomes even more valuable as the children grow up, and a hacker can hold on to this identifying information and use it when the child becomes an adult to cause harm via identity-based theft and related financial fraud.

Lieff Cabraser’s Work in Digital Privacy & Child Data Security

Lieff Cabraser is committed to helping parents protect their children, their privacy, and their children’s information in a world where electronic toys and games and digital devices with inherent security vulnerabilities are growing more and more pervasive. From voice-controlled home devices that can leak sensitive information to videorecording toys and interactive digital games whose data can be leaked or accessed improperly, our private data — and in particular private child information — faces a growing risk of exposure and improper sharing. An important part of our work protecting children and their data consists of ensuring that companies obey child data protection laws and take all the required steps to ensure that kids’ data remains secure and private.

Our attorneys possess extensive experience and the requisite technological background to successfully assert and litigate all manner of privacy claims. We represent individuals in precedent-setting cases impacting hundreds of millions of Americans against prominent technology, social media, and entertainment corporations for alleged violations of digital privacy rights, data overreaching, and the failure to protect critically-sensitive information.