Florida AG: Roku Violated State Privacy Law by Mishandling Kids' Info
Video-streaming box maker Roku “collected, sold and enabled reidentification of sensitive personal data” without receiving authorization or providing meaningful notice, the Florida attorney general’s office said Tuesday. AG James Uthmeier filed a complaint under Florida’s comprehensive privacy law and its Deceptive and Unfair Trade Practices Act in the state’s 20th Judicial Circuit Court.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The sensitive data included kids’ viewing habits, voice recordings and other information, the AG’s office said. Roku violated the two statutes by failing to obtain parental consent and by misrepresenting the effectiveness of privacy and opt-out controls, argued the state.
“Roku acknowledges processing, disclosing, and selling to third parties a wide variety of personal and sensitive data about its users,” said the Florida complaint. “Yet Roku does not acknowledge that it continues processing, disclosing, and selling this personal data even when it has every reason to know the data was collected from children. Worse still, Roku shares with and sells this data to intrusive data brokers, including Kochava, a company that has constructed profiles of tens of millions of children and physically tracks and discloses individuals’ precise geolocation data collected from their personal devices.”
Roku didn’t comment immediately.