The U.S. Federal Trade Commission and the Justice Department Sue TikTok for Allegedly Violating Children’s Online Privacy Protection Act
Introduction
In a major move to protect children online, the U.S. Federal Trade Commission (FTC) and the Justice Department have filed a lawsuit against TikTok and its parent company, ByteDance. The lawsuit alleges that TikTok has knowingly violated the Children’s Online Privacy Protection Act (COPPA), a law that requires digital platforms to notify and obtain parents’ consent before collecting and using personal data from children under the age of 13.
Allegations Against TikTok
The FTC’s Press Release
According to the FTC’s press release, issued on Friday, TikTok and ByteDance were allegedly aware of the need to comply with COPPA yet spent years knowingly allowing millions of children under 13 on their platform. The FTC alleges that TikTok did so even after settling with the FTC in 2019 over COPPA violations, as part of which TikTok agreed to pay $5.7 million and implement steps to prevent kids under 13 from signing up.
The Allegations Unfold
As of 2020, TikTok had a policy of maintaining accounts of children that it knew were under 13 unless the child made an explicit admission of age and other rigid conditions were met. The FTC writes in the press release: "TikTok human reviewers allegedly spent an average of only five to seven seconds reviewing each account to make their determination of whether the account belonged to a child." This lack of effort is staggering, especially considering the importance of protecting children’s data.
Data Collection and Usage
The FTC also found issue with TikTok Kids Mode, TikTok’s supposedly more COPPA-compliant mobile experience. Kids Mode collected "far more data" than needed, the FTC alleges, including info about users’ in-app activities and identifiers that TikTok used to build profiles (and shared with third parties) to try to prevent attrition. When parents requested that their child’s accounts be deleted, TikTok made it difficult, the FTC said, and often failed to comply with those requests.
The Impact on Children
The FTC chair, Lina Khan, stated in a press release: "TikTok knowingly and repeatedly violated kids’ privacy, threatening the safety of millions of children across the country." The FTC will continue to use the full scope of its authorities to protect children online—especially as firms deploy increasingly sophisticated digital tools to surveil kids and profit from their data.
Response From TikTok
A Statement from TikTok
TikTok responded to the allegations with a statement: "We disagree with these allegations, many of which relate to past events and practices that are factually inaccurate or have been addressed." The company stated that it is proud of its efforts to protect children and will continue to update and improve the platform. To that end, TikTok offers age-appropriate experiences with stringent safeguards, proactively removes suspected underage users, and has voluntarily launched features such as default screen time limits, Family Pairing, and additional privacy protections for minors.
Proposed Fines and Injunction
Civil Penalties
The FTC and Justice Department propose fining TikTok and ByteDance civil penalties up to $51,744 per violation per day and a permanent injunction to prevent future COPPA violations. These fines are a significant deterrent, demonstrating the importance of complying with children’s online privacy protection laws.
Conclusion
The lawsuit against TikTok and ByteDance is a major step in protecting children online. The allegations made by the FTC and Justice Department highlight the need for digital platforms to prioritize children’s data security and obtain parents’ consent before collecting and using their personal information. As technology continues to evolve, it is essential that companies like TikTok take responsibility for ensuring the safety and well-being of their users, particularly vulnerable groups such as children.
Recommendations
- Prioritize Children’s Data Security: Companies must prioritize children’s data security by implementing robust measures to protect their personal information.
- Obtain Parents’ Consent: Digital platforms should obtain parents’ consent before collecting and using children’s personal data, as required by COPPA.
- Regular Audits and Updates: Regular audits and updates are necessary to ensure that companies comply with evolving laws and regulations, including those related to children’s online privacy.
By following these recommendations, we can create a safer online environment for children, where their data is protected and their well-being is prioritized.
