FTC Sues TikTok for COPPA Violations

The Federal Trade Commission (FTC) has initiated a lawsuit against TikTok, its parent company ByteDance, and affiliated companies for alleged violations of the Children's Online Privacy Protection Act (COPPA). The Department of Justice filed the suit on behalf of the FTC on August 2, 2024, in the U.S. District Court for the Central District of California.

The complaint accuses TikTok and ByteDance of knowingly and repeatedly violating children's privacy rights by failing to obtain parental consent before collecting and using personal information from users under 13 years old. This action also alleges that the companies infringed upon a 2019 FTC consent order that addressed previous COPPA violations.

FTC Chair Lina M. Khan stated, "TikTok knowingly and repeatedly violated kids' privacy, threatening the safety of millions of children across the country." She emphasized the FTC's commitment to protecting children online, especially as companies deploy sophisticated digital tools to surveil and profit from children's data.

According to the complaint, ByteDance and TikTok were aware of their obligations under COPPA and the 2019 consent order but chose to ignore compliance requirements. The FTC alleges that for years, the companies allowed millions of children under 13 to use the platform designated for users 13 and older, collecting their personal data without parental notification or consent.

The lawsuit details several concerning practices, including:

1. TikTok's policy of maintaining accounts of known underage users unless specific conditions were met.
2. Insufficient account review processes, with human reviewers spending only 5-7 seconds per account to determine a user's age.
3. The creation of "back doors" allowing children to bypass age verification measures.
4. Collection and use of personal information from children using TikTok Kids Mode, violating COPPA regulations.
5. Sharing of children's personal data with third parties like Facebook and AppsFlyer for targeted advertising.
6. Imposing unnecessary hurdles for parents attempting to delete their children's accounts and data.

The FTC is seeking civil penalties, which could amount to $51,744 per violation per day under the FTC Act. Additionally, the commission is requesting a permanent injunction to prevent future COPPA violations.

This legal action underscores the growing concern over data privacy and the protection of minors in the digital age. It also highlights the challenges faced by social media platforms in balancing user growth with regulatory compliance, especially concerning younger audiences.

The case will be decided by the court, and its outcome could have far-reaching implications for how social media companies handle children's data and privacy in the future. As this story develops, it will likely spark renewed discussions about online safety for children and the responsibilities of tech companies in safeguarding young users.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.