Privacy & Information Security Law Blog

On April 29, 2025, the Michigan Attorney General filed a lawsuit against Roku alleging violations of the federal Children’s Online Privacy Protection Act (“COPPA”). The complaint alleges that Roku collects and processes, and allows third parties to collect and process, children’s personal information, including voice recordings, location data, IP addresses and browsing histories, in violation of COPPA. The complaint also alleges that Roku monetizes children’s personal information by enabling third-party channels to collect this personal information, to increase Roku’s advertising revenue and make its platform more attractive to content providers and advertisers.

In addition, the complaint asserts that Roku misleads parents about its collection of their children’s personal information and creates confusion regarding parents’ rights to protect such information. Specifically, Roku allegedly does not (1) provide notice of what types of information it collects from children and how it uses and discloses such information; (2) obtain verifiable parental consent before collecting, using or disclosing such information; and (3) does not provide a “reasonable means for a parent to review the personal information collected from a child and to refuse to permit its further use or maintenance.”

Separately, the lawsuit alleges violations of the Video Privacy Protection Act, the Michigan Preservation of Personal Privacy Act (i.e., the Video Rental Privacy Act) and the Michigan Consumer Protection Act. The complaint seeks to cease Roku’s alleged illegal data collection and disclosure practices, require Roku to comply with federal and state law, and recover damages, restitution and civil penalties.