Whether in its former life as lip-synching app Musical.ly or its current rebrand as TikTok, the short-form video platform has always courted a youthful demographic. And in the past, its stance on obtaining user consent was, let’s say, inattentive. For both these reasons, it’s now the recipient of the largest civil penalty for violating the online privacy of children.
COPPA—the Children’s Online Privacy Protection Act—compels companies that intend to collect personal information to obtain parental consent from users under age 13. According to the Federal Trade Commission, parent company Musical.ly Inc. was “aware that a significant percentage of users were younger than 13 and received thousands of complaints from parents.”
Among the information potentially captured by the app were email addresses, phone numbers, first and last names, and photos. A spokesperson for the company declined to comment on what percentage of users were potentially under 13 but stated that since the app’s rebrand to TikTok last August, it has always had an age gate prompting users to affirm that they’re 13 or older.
A tech company’s flagrant disregard for privacy laws is old hat by now, but the combination of an open messaging structure, automatically public profile pages, and a large underage contingent led to “public reports of adults trying to contact children via the Musical.ly app,” the FTC said. Beyond complying with COPPA going forward and deleting stored data at the request of parents, Musical.ly Inc. will be coughing up a hefty $US5.7 ($8) million fine.
In a company blog post, TikTok states that starting today, it has “implemented changes to accommodate younger US users in a limited, separate app experience that introduces additional safety and privacy protections designed specifically for this audience … [which] does not permit the sharing of personal information, and it puts extensive limitations on content and user interaction.”