Class-Action Lawsuit Says Securly Collected, Sold Student Location Data, Video History Without Consent

• By Kristal Kuykendall
• 07/20/23

The parents of two California children are suing Securly, accusing the online-activity surveillance provider of violating California wiretapping and data privacy laws and of violating the federal Video Privacy Protection Act by collecting protected private information without consent and selling it to third-party advertisers.

The class-action lawsuit, filed Monday by Sheri Bate and Azucena Mejia in U.S. District Court’s Southern District of California, frames the collection of the students’ geolocation data as a form of illegal wiretapping; California law — updated in 1992 to include cellular devices — bans “any unauthorized connection” but does not specifically list location data as protected.

Securly “made an unauthorized connection with each plaintiff’s mobile device when Defendent collected and stored geolocation data specific to each plaintiff’s mobile device and then provided such information to its clients for targeted advertising and other purposes” without the knowledge and consent of the students or their parents, the complaint reads. 

“Defendant collected, sold, licensed, and transferred each plaintiff’s precise geolocation data” — data that was tied to “visits to sensitive locations” — without the plaintiffs’ knowledge or consent, causing “substantial injury” to each plaintiff, the complaint reads. 

The lawsuit also alleges that Securly “knowingly disclosed” other personally identifiable information including “a record of every video they view” to unrelated third parties, in violation of the Video Privacy Protection Act, passed by Congress in 1988.

CommonSense.org, which explains privacy and data policies for various software providers and scores each based on how safe user data is on each platform, issued a “Warning” rating and a 63% overall safety score for Securely in June 2021. 

“Securly is a cloud-based web filtering and parental control service that works across schools and homes,” according to Common Sense’s listing for Securly. “The terms state Securly may work with third parties such as network advertisers to display advertisements to users on third-party websites, but also state they do not collect a student’s or a child’s personal information for the purpose of sale, for building student or child profiles, or for commercial purposes not related to the provision of the services.”

Securly's polices clearly state “that the service will not sell any user's personal information to third parties,” Common Sense said. “However, the policies are not clear about how the service may use personal information to display advertising. The terms state Securly may work with third parties such as network advertisers to display advertisements to users on third-party websites, but also state they do not collect a student’s or a child’s personal information for the purpose of sale, for building student or child profiles, o for commercial purposes not related to the provision of the services.”

The plaintiffs are seeking statutory damages of $2,500 for each violation of California wiretapping law, $5,000 for each violation of California’s law banning recording of conversations without consent, and $5,000 for each violation of “unlawful interception.”

The proposed class numbers in the “tens of thousands,” the complaint said, putting the total damages sought at well over $5 million.

Read the full complaint at BloombergLaw.com.