by LawInc Staff
August 2, 2024
A massive federal lawsuit against TikTok‘s parent company ByteDance has put the wildly popular social media platform in legal peril. On August 2, 2024, the U.S. Department of Justice filed a complaint alleging ByteDance knowingly and repeatedly violated children’s privacy laws on a huge scale, collecting and using data from millions of young TikTok users without parents’ consent.
Whether you’re a parent, educator, policymaker or just a curious TikTok user, get up to speed on the legal issues, latest developments and high stakes involved as the U.S. government takes on one of the world’s biggest tech giants for allegedly exploiting children’s information.
1. Understand the Key Laws TikTok Allegedly Violated
-
- Children’s Online Privacy Protection Act (COPPA): Requires consent from parents to collect data from kids under 13.
- COPPA Rule: Mandates specific privacy safeguards for children’s data.
- FTC Act Section 5: Disallows deceptive and unfair business practices.
- 2019 Federal Court Order: Required TikTok to delete underage data and reform practices.
- Potential Fines: Up to $51,744 per COPPA violation after Jan. 10, 2024.
Examples:
-
- TikTok allegedly knew it collected personal info like names and email addresses from millions of children without parental permission.
- The company purportedly tracked kids with persistent identifiers to serve them targeted ads, violating COPPA’s limits.
- TikTok settled similar charges in 2019 and agreed to a consent decree, but allegedly continued breaking kids’ privacy rules.
- The DOJ claims TikTok failed to make direct parental notifications and establish an adequate consent system for underage signups.
- With approximately 37.5 million U.S. users under 18, even a small fraction of COPPA violations could lead to billions in civil penalties under the FTC Act.
How to Proceed:
-
- Review the full text of COPPA, the COPPA Rule and Section 5 of the FTC Act to understand the legal foundation of the case.
- Read the 2019 FTC settlement with TikTok and resulting federal court order to see what changes the company previously agreed to make.
- Research how COPPA’s parental consent, data collection limits and privacy policy rules apply to social media and video platforms.
- Learn about the FTC’s authority to seek large civil fines for COPPA violations and how those penalties are calculated.
- Consider the broader implications of the case for modernizing children’s online privacy safeguards and reining in Big Tech.
FAQs:
-
- Does COPPA apply to TikTok even though it’s based in China? Yes, COPPA covers foreign companies that collect info from children in the US.
- How does COPPA define personal information? Broadly, including names, contact info, photos, videos, persistent IDs used for tracking, and more.
- Can TikTok legally collect any data from young kids? Only with clear, verifiable parental consent, with limited exceptions for one-time contact.
- What if TikTok didn’t know a user was under 13? COPPA applies if they had “actual knowledge” of underage data collection.
- Are the potential fines high? The FTC can seek up to $51,744 per violation, which can add up with millions of underage users.
2. Grasp the Scope & Severity of TikTok’s Alleged Misconduct
-
- Millions of Underage Accounts: TikTok’s own data review found a huge portion of users were likely under 13.
- Inadequate Age Checks: Kids could easily bypass or retry signup age gates.
- Tracking & Profiling Children: TikTok compiled data on young users to fuel its ad algorithms.
- Ignored Parental Consent: No mechanism to confirm parents approved underage signups.
- Failed to Delete Kid Data: TikTok kept info on known child accounts for months or years.
Examples:
-
- Internal TikTok data found its 14 & under US user numbers far exceeded census estimates, suggesting millions of underage signups.
- Until late 2020, kids who entered an under-13 birthday could just close the app and retry with an older age to pass the gate.
- TikTok gathered dozens of data points on young users to feed its algorithm training and ad targeting systems.
- Even when parents directly asked TikTok to delete their child’s account and data, it often failed to fully comply.
- TikTok’s own system flagged accounts as “Suspected Underage User” but didn’t delete them, letting more kid data accumulate.
How to Proceed:
-
- Review the full DOJ complaint to see how TikTok allegedly allowed millions of underage signups despite internal concerns.
- Note evidence of how easily kids could get around TikTok’s age verification by trying different birthdays until accepted.
- Consider how TikTok compiled profiles on young users combining activity data, device IDs and inferences to power its algorithms.
- See how TikTok made it hard for parents to request deletion of kid accounts/data and often didn’t fully comply when asked.
- Assess claims TikTok kept data from accounts its own systems flagged as underage rather than promptly deleting per COPPA rules.
FAQs:
-
- How did TikTok determine millions of users were likely underage? By comparing self-reported age data to reliable census figures.
- Didn’t TikTok make a “Junior” app for young kids? Yes, but the main app still allegedly allowed scores of under-13 signups.
- What kind of data does TikTok collect on young users? User activity, videos, device/ad IDs, cookies, metadata and third-party info.
- Are there exceptions to getting parental consent? Only for one-time contact like an emailed question, not ongoing data tracking.
- How long does TikTok keep user data flagged as underage? For some data like activity logs, up to 18 months after the account is marked.
3. Explore How TikTok Allegedly Dodged & Defied Regulators
-
- Violated 2019 FTC Order: TikTok agreed to reform its practices but DOJ says it kept breaking rules.
- Hid Internal Discussions: Staff used features to auto-delete sensitive chats about compliance.
- Ignored “Actual Knowledge” of Kid Accounts: TikTok didn’t act on red flags of underage use.
- Set High Bar to Delete Data: Strict criteria meant many kid accounts slipped through cracks.
- Misled Regulators: 2020 TikTok statement claimed kid data deleted despite retaining info.
Examples:
-
- A 2018 internal TikTok chat acknowledged keeping data on users it knew were under 13, defying COPPA age limits.
- Until 2023, TikTok staff used a “recall” feature that let them permanently delete compliance discussions in private chats.
- TikTok only deleted accounts explicitly saying “I am under 13,” ignoring other red flags of underage use like “I am in 5th grade.”
- Moderators reviewing accounts flagged as “Suspected Underage User” had to check several strict boxes to delete the data.
- After saying in June 2020 it deleted all required underage data, TikTok admitted still holding such info in hidden locations.
How to Proceed:
-
- Research the terms of TikTok’s 2019 FTC settlement and how the DOJ says the company failed to comply with the resulting court order.
- Review evidence of how TikTok staff used auto-delete features to erase sensitive internal discussions about youth data practices.
- Examine claims TikTok intentionally kept a high bar for deleting underage accounts despite seeing red flags of likely COPPA violations.
- Assess how TikTok’s strict underage account criteria meant many profiles of young kids stayed active and kept accumulating data.
- Consider the seriousness of allegedly false statements to the FTC about TikTok’s data deletion compliance in the 2019 case.
FAQs:
-
- What changes did TikTok agree to in the 2019 FTC settlement? To delete certain underage data, reform its practices and submit compliance reports.
- How could TikTok staff auto-delete compliance chats? Using a “recall” function in internal messaging systems like Lark/Feishu.
- What counts as “actual knowledge” of an underage user? Direct red flags like the user revealing their true age or grade in school.
- How hard was it for TikTok to confirm an account was underage? Moderators had to find an explicit statement like “I am 12 years old.”
- What are the false FTC statement penalties? Steep fines and sanctions as such conduct seriously undermines enforcement.
4. Learn Key Strategies to Protect Your Family’s Privacy
-
- Monitor Kids’ App Usage: Regularly check your children’s devices, profiles and privacy settings.
- Use Parental Controls: Enable filters restricting downloads/access to age-appropriate content.
- Avoid Oversharing: Remind kids not to post sensitive personal/family info on social media.
- Update Privacy Settings: Toggle social media options to max privacy and limit data sharing.
- File Complaints: Report potential COPPA violations to the FTC for investigation.
Examples:
-
- Jenna checks her tween’s phone weekly to see what new apps they’ve downloaded and what data sharing permissions they involve.
- Marco set up Screen Time limits and content restrictions on his kids’ tablets to prevent them from accessing certain apps and sites.
- Kim reminded her teen not to post their full name, address or school online and to be wary of chatting with strangers.
- Aaliyah walked her kids through updating their TikTok privacy settings to avoid public sharing of their posts, data and DMs.
- When an app popular with his kids had a data breach, Tyrell reported it to the FTC and had his kids change their passwords.
How to Proceed:
-
- Set expectations with your kids about your right to monitor their devices, accounts and online activity to protect their safety.
- Use built-in parental controls on devices and filters on browsers, search engines and streaming services.
- Establish family rules about not sharing personal details online and keeping accounts private rather than public.
- Double check your own and kids’ social media privacy settings and adjust to aim for “Friends Only” wherever possible.
- Stay alert to data breaches or privacy violations in apps/sites your family uses and report concerns to the FTC.
FAQs:
-
- Is it legal to check my child’s phone and online accounts? Yes, especially for younger kids, but teens deserve transparency about monitoring too.
- What parental controls are most important to enable? Content filters, screen time limits, download/purchase restrictions and GPS tracking.
- Should I forbid my kid from using TikTok? Not necessarily, but enable max privacy settings and actively monitor their usage and contacts.
- How can I determine if an app is misusing my child’s data? Red flags include behavioral ad targeting, unexplained charges or requests for excess info.
- Where do I report an app for COPPA violations? File a complaint at ftc.gov/complaint or call 1-877-FTC-HELP.
Summary
The DOJ’s blockbuster lawsuit against TikTok offers a master class in how social media giants can run afoul of COPPA safeguards on a mass scale. From deficient age checks enabling millions of underage signups to collecting and profiling kid data without parental consent, the case outlines a playbook of alleged violations.
While the eye-popping fine figures garner headlines, the complaint’s deeper lessons lie in the ongoing challenges regulators face in reining in Big Tech’s voracious appetite for user data, especially when it comes to vulnerable young consumers. For families, the case is a sobering reminder of the privacy risks kids face online and the importance of proactive steps to monitor evolving threats.
As the lawsuit winds through court, expect renewed pressure on policymakers to put more teeth into COPPA and expand its protections to cover teens, not just tots. Meanwhile, the onus remains on parents to lock down privacy settings, vet apps closely and model responsible digital habits. While perfection is impossible, the TikTok case shows the high stakes of failing to safeguard children’s data in an ever-tracking world.
Test Your TikTok Lawsuit & COPPA Knowledge
Questions: The TikTok Lawsuit
-
- 1. What federal agency sued TikTok in the 2024 complaint?
- A) Federal Trade Commission (FTC)
- B) Department of Justice (DOJ)
- C) Federal Communications Commission (FCC)
- D) Consumer Financial Protection Bureau (CFPB)
- 2. How many underage TikTok users did the lawsuit allege?
- A) Thousands
- B) Hundreds of thousands
- C) Millions
- D) Billions
- 3. What prior action did the FTC take against TikTok?
- A) 2019 lawsuit & settlement order
- B) 2020 privacy warning letter
- C) 2021 congressional testimony
- D) 2022 security audit
- 4. What key evidence did the DOJ cite against TikTok?
- A) Internal emails & chats
- B) Whistleblower testimony
- C) Security researcher findings
- D) All of the above
- 5. How much could TikTok be fined per violation?
- A) Up to $5,000
- B) Up to $51,744
- C) Up to $250,000
- D) Up to $1 million
- 1. What federal agency sued TikTok in the 2024 complaint?
Answers: The TikTok Lawsuit
-
- 1. B) The Department of Justice filed the August 2024 lawsuit against TikTok in federal court in California.
- 2. C) The complaint alleges TikTok had millions of underage userson its platform, based on the company’s own internal data and analyses.
- 3. A) In 2019, the FTC sued TikTok’s predecessor company Musical.ly over similar COPPA issues, resulting in a settlement order TikTok later allegedly violated.
- 4. A) The DOJ complaint cites internal TikTok emails and employee chat messages discussing underage users and compliance problems.
- 5. B) Under the FTC Act, TikTok could face civil penalties up to $51,744 per COPPA violation after January 10, 2024.
Questions: COPPA Basics
-
- 1. What does COPPA stand for?
- A) Children’s Online Privacy Protection Act
- B) Child Online Personal Privacy Agreement
- C) Consumer Online Protections & Policies Act
- D) Computer Operations, Programs & Parental Advisories
- 2. What age group does COPPA aim to protect?
- A) Under 13
- B) Under 16
- C) Under 18
- D) Under 21
- 3. When did COPPA first take effect?
- A) 1990
- B) 1998
- C) 2000
- D) 2010
- 4. What’s a key requirement for sites/apps under COPPA?
- A) Post a detailed privacy policy
- B) Get verifiable parental consent
- C) Allow parents to review collected data
- D) All of the above
- 5. Which agency enforces COPPA compliance?
- A) Department of Commerce
- B) Federal Trade Commission
- C) Department of Education
- D) Federal Communications Commission
- 1. What does COPPA stand for?
Answers: COPPA Basics
-
- 1. A) COPPA stands for the Children’s Online Privacy Protection Act, governing youth data practices by sites and apps.
- 2. A) COPPA’s core protections apply to the digital data privacy and safety of children younger than 13 years old.
- 3. C) While COPPA was originally passed by Congress in 1998, the law first took effect in April 2000 under FTC rules.
- 4. D) COPPA requires covered sites/apps to do all these things to protect kids’ online privacy and give parents control.
- 5. B) The Federal Trade Commission is the primary federal agency in charge of enforcing and interpreting COPPA’s requirements.
Disclaimer
The information provided in this article discussing the 2024 DOJ lawsuit against TikTok and ByteDance over alleged COPPA violations is for general educational and informational purposes only. It does not constitute formal legal analysis or advice.
Laws, regulations and case details may have changed since the article’s publication. How the court rules on particular issues and potential liability and penalties will depend on the specific facts and legal arguments raised.
For legal guidance on COPPA compliance for your specific website, app or situation, please consult an experienced attorney well-versed in online privacy and data protection laws and regulations in your jurisdiction. Most reputable law firms specializing in these matters offer initial consultations to evaluate your circumstances and advise you of your rights and obligations.
Also See
Classroom Confidential: Inside the Explosive Lawsuit Challenging California’s AB 1955