Roblox Corporation is facing a class action lawsuit filed in California federal court that accuses the platform of secretly collecting and sharing data from children without proper consent.

The suit, brought by plaintiffs Michael and Salena Garcia, alleges that Roblox has embedded hidden tracking code in its platform that collects personal information from users—often minors—without informing them or their parents. This includes keystrokes, chat logs, mouse movements, and search history, gathered across multiple devices and operating systems.

According to the 45-page complaint, Roblox uses persistent identifiers and fingerprinting techniques to monitor user behavior before they even log into an account. The data, allegedly tied to unique devices, is used to create detailed behavioral profiles that are then shared with third-party advertisers for targeted content. The plaintiffs argue that this practice violates federal privacy laws, including the Children’s Online Privacy Protection Act (COPPA), which requires verifiable parental consent before collecting data from children under 13.

The lawsuit highlights growing concerns over digital privacy and child safety on platforms that cater to young audiences. Security experts like Kern Smith of Zimperium note that while parents often focus on game content, the underlying security of the apps and devices their children use is equally important. “A compromised app or device can be a gateway for phishing attacks or data breaches,” Smith warned, adding that widely used apps like Roblox are prime targets for such threats.

If the court finds the claims credible, Roblox could face significant legal and financial consequences, as well as heightened regulatory scrutiny over how it handles user data. For now, the case is in early proceedings, and Roblox has not yet issued a public response. In the meantime, experts recommend that parents use mobile security tools with real-time protection to safeguard their children’s digital activities beyond just monitoring in-game behavior.