Why Michigan AG sued Roku for violating VPPA, COPPA, & consumer protection laws

Hey there, folks! So, on April 29th, 2025, things got pretty interesting when the Michigan Attorney General decided to shake things up by filing a lawsuit against Roku. What’s all the fuss about, you ask? Well, it turns out that Roku was accused of sharing some pretty sensitive personal data without getting the proper consent first. And not just any data – we’re talking about stuff that violates the Video Privacy Protection Act (VPPA), Children’s Online Privacy Protection Act (COPPA), the Michigan Consumer Protection Act, and Michigan’s Preservation of Personal Privacy Act. Yikes!

Now, let’s break it down a bit. The lawsuit against Roku revolves around three main claims. First off, Roku was allegedly sharing kids’ personal info with advertising third parties without the okay from their parents. Not cool, Roku, not cool. Secondly, they were also accused of passing on personally identifiable information (PII) linked to users’ video viewing history without their explicit consent. And last but not least, it seems like Roku wasn’t too keen on respecting users’ wishes to keep their personal info private or to limit ad tracking. Naughty, naughty!

Roku is known for renting and selling videos through its connected TV devices and software, so you can imagine the Michigan Attorney General raising an eyebrow or two about how they handle all that juicy customer data. This lawsuit is just another example of the increased scrutiny on companies that play fast and loose with personal data without jumping through the necessary consent hoops.

So, what’s the moral of the story here? Well, companies need to be on their toes when it comes to how they handle personal data, especially when it involves renting or selling video content, marketing to kids, or not being upfront about their privacy policies. It’s all about being transparent and making sure that data flows in and out of digital products in a way that respects privacy laws and regulations. Enter Privado.ai, the superhero of product privacy management, offering solutions to keep your data safe and sound across all your digital products.

Now, let’s get into the nitty-gritty of the allegations. The lawsuit points fingers at Roku for allegedly violating the VPPA, Michigan’s Preservation of Personal Privacy Act, COPPA, and the Michigan Consumer Protection Act. These laws are all about protecting consumer privacy and ensuring that companies play by the rules when it comes to handling personal data.

It’s a whole saga of accusations, from sharing customers’ PII with third parties without their explicit consent to collecting children’s personal data without proper notice or parental consent. And let’s not forget about Roku’s “Do not share or sell my personal information” setting that allegedly doesn’t do what it says on the tin. Sneaky, sneaky!

So, what’s the bottom line for all you privacy leaders out there? Any company that doesn’t walk the talk when it comes to privacy policies is playing with fire, even in states without comprehensive privacy laws like Michigan. Data tied to PII is a potential minefield, especially when it comes to video rental or purchase history. And when it comes to kids’ data, well, let’s just say that COPPA is not messing around.

To stay ahead of the privacy game, keep an eye on all your digital products, whether it’s connected TV apps, mobile apps, or websites. And if you need a helping hand, Privado.ai is here to save the day with tools like App Auditor, Privacy Code Scanning, and Web Auditor to keep your data shipshape and compliant with regulations. So, keep calm and stay privacy-savvy, my friends!

Leave a Reply

Your email address will not be published. Required fields are marked *