Jan 18, 2026 · 5 min read
Google Just Paid $8M for Tracking Kids—Your Gmail Gets the Same Treatment
Google settled a class action lawsuit this week for $8.25 million after getting caught secretly harvesting data from children through Android apps. The same tracking technology monitors your Gmail inbox every day.
What Google Actually Did
The lawsuit, which took two and a half years to resolve, alleged that Google's AdMob SDK—software embedded in children's apps—was silently "exfiltrating personal information" from minors. Apps labeled "Designed for Families" like Fun Kid Racing and GummyBear and Friends Speed Racing were supposed to be safe. Instead, they were surveillance tools.
Google collected device serial numbers, IP addresses, geolocation data, and behavioral patterns from children who had no idea they were being watched. A separate $30 million settlement covered similar violations through YouTube, where Google tracked viewing habits to serve targeted ads to kids.
The total damage: $38.25 million in settlements, plus the admission that Google's tracking infrastructure was operating on devices belonging to minors—in direct violation of the Children's Online Privacy Protection Act (COPPA).
The Technology Is Identical to Email Tracking
Here's what makes this case relevant to every Gmail user: the tracking techniques Google used on children are functionally identical to what happens in your inbox.
Email tracking pixels are tiny, invisible images (typically 1x1 pixels) embedded in marketing emails. When you open an email, the pixel loads from a remote server, instantly transmitting:
- Your IP address (which reveals your approximate location)
- Your device type and operating system
- The exact time you opened the message
- How long you spent reading it
Over 50% of all emails contain these invisible trackers. The BBC called spy pixels in email "endemic." And unlike children's apps, there's no federal law requiring your consent.
COPPA Protects Kids. Nothing Protects You.
COPPA exists because lawmakers recognized that children cannot meaningfully consent to data collection. The law requires verifiable parental consent before any personal information—including "persistent identifiers" like device IDs and IP addresses—can be collected from users under 13.
For adults? The rules evaporate.
| Protection | Children (COPPA) | Adults (U.S.) |
|---|---|---|
| Consent required | Yes, verifiable parental consent | Generally no—opt out at best |
| Tracking restricted | Yes | No federal restrictions |
| Penalties for violations | Up to $51,744 per violation | Limited enforcement |
The European Union's GDPR treats email tracking as "categorically prohibited without express user consent." But in the United States, if you're over 13, companies can track your inbox activity with nothing more than a line buried in their privacy policy.
How Email Tracking Works
The mechanics are surprisingly simple. A marketer includes an invisible image tag in their email. When you open the email, your email client requests that image from the server. The server logs the request along with your IP address, device fingerprint, and timestamp.
Some trackers go further. By analyzing your "User Agent" string, they can identify your operating system, browser, and email client. Combined with your IP address, this creates a profile that follows you across devices and platforms.
Modern inbox providers like Apple Mail and Gmail have started routing images through proxy servers, which masks some of this data. But the tracking industry has adapted. Link tracking—where every URL redirects through a monitoring server before reaching its destination—remains fully functional. When you click "unsubscribe," you're often confirming you exist to the very company you're trying to escape.
What You Can Do
The same scrutiny that caught Google tracking children should apply to your inbox. Here's how to fight back:
Disable automatic image loading. In Gmail, go to Settings → General → Images and select "Ask before displaying external images." This stops tracking pixels from loading automatically.
Use a tracking blocker. Extensions like Gblock detect and neutralize spy pixels before they can report back. Unlike manual image blocking, a dedicated blocker lets legitimate images through while stopping surveillance.
Treat click tracking like a threat. Before clicking any link in a marketing email, hover over it to see the actual URL. If it routes through a tracking domain, consider whether you really need to click.
Assume every marketing email is watching. Because statistically, it probably is.
The Bigger Picture
Google paid $38.25 million because tracking children without consent violates federal law. But the underlying technology—invisible data collection through embedded code—operates freely in adult inboxes worldwide.
The settlement isn't just about protecting kids. It's a reminder that the surveillance infrastructure is already built. It's in the apps on your phone. It's in the emails in your inbox. The only difference is whether the law decides to care.
For children, it does. For you, it doesn't—yet. Until that changes, the responsibility falls on you to protect yourself.
Your inbox doesn't need to be part of that equation.