A U.S. district judge has dismissed New Mexico’s privacy claims against Google over privacy concerns, but New Mexico’s top prosecutor vowed Monday to continue the legal fight to protect child privacy rights.
The judge concluded in a ruling Friday that federal laws and regulations do not require direct consent from parents when schools participate in Google’s education platforms. Google had asked that the case be dismissed, saying it hasn’t violated any laws as it is required only to make reasonable efforts to provide notice and obtain consent.
Under the ruling, New Mexico can amend its complaint.
“The law is clear that Google must protect our children’s privacy, and we strongly disagree with the court’s ruling,” New Mexico Attorney General Hector Balderas said in a statement to The Associated Press. “For years massive tech companies like Google have lobbied Washington to keep themselves from being regulated, and I have no doubt that a company that has already paid millions of dollars in fines to the federal government is not putting the privacy and security of children first.”
Google spokesman Jose Castaneda said Monday the company was pleased with the ruling and it will continue working with schools to protect students’ privacy.
The lawsuit was filed in February, citing violations of state law and the federal Children’s Online Privacy Protection Act. It followed a separate legal challenge in 2018 that alleged Twitter, Google and mobile app companies violated state and federal laws by collecting personal information through apps without consent.
The cases were initiated as public concern has escalated about whether information regarding online interests, browsing and buying habits were slipping into the hands of data brokers without consent. An Associated Press investigation in 2018 found that many Google services on Android devices and iPhones were storing user location even if users turned off location history.
In the latest New Mexico case, the state alleged Google failed to give direct notice to parents and that any notice Google provided wasn’t intended for the child’s parent and contains terms that no child under the age of 13 would comprehend.
“While the state argues for direct notice to and consent by parents, that is not what the law and regulatory framework require,” the ruling states. “While this might be preferred in a perfect world, the law only requires operators to ‘make any reasonable effort’ to provide notice and obtain consent.”
In considering what constitutes a reasonable effort, the court pointed to guidance from the Federal Trade Commission that recognizes many schools already seek parental consent for in-school Internet access at the beginning of the school year and that Google’s G Suite for Education agreement — to which schools commit when they use the services — authorizes Google’s data collection practices.
Related: Google Tweaks Privacy Settings to Keep Less User Data
Related: Australian Watchdog Accuses Google of Privacy Breaches
Related: Google to Pay $170 mn Fine for Collecting YouTube Data From Kids
