The complaint states that under those terms, issued via consent decree, "TikTok agreed to...destroy all personal information collected from users under 13 years of age. In fact, however,...we found that TikTok currently has many regular account holders who are under age 13, and many of them still have videos of themselves that were uploaded as far back as 2016."
Moreover, contrary to the agreed-upon terms, "TikTok fails to make reasonable efforts to ensure that a parent of a child receives direct notice of its practices regarding the collection, use, or disclosure of personal information. Indeed, TikTok does not at any point contact the child's parents to give them notice and does not even ask for contact information for the child's parents."
A TikTok spokesperson said in a statement that the company takes privacy "seriously and (we) are committed to helping ensure that TikTok continues to be a safe and entertaining community for our users."
The company said it has put in place "view-only" TikTok experiences for users who are under 13 in the U.S., which bars them from sharing personal information and "extensively" limits content and user interaction so that they cannot share videos, comment on videos, message users, or maintain a profile or followers. But, of course, that is dependent on the user not lying about their age.
There is also a separate privacy policy for younger users that involves the collection of only limited information, including username, password and birthday, the company said. TikTok collects information like device ID, its IP address, videos watched and other usage data automatically.
The company is vague about how that information is shared, but does note on its website that it's shared with the company's "corporate group and service providers as necessary for them to perform a business purpose, professional service, or technology support function for us."
Culver City-based TikTok, which is owned by Beijing-based technology firm ByteDance Ltd., has received much scrutiny from the national security community. The app is no longer allowed on Australian Defense Department devices following a similar ban by the Pentagon due to national security concerns surrounding China's potential access to data. ByteDance has said that all U.S. user data is stored in the United States and Singapore, not on Chinese servers.
But TikTok's legal issues don't stop there.
"They're being sued all over the place," noted Cynthia Cole, special counsel at Palo Alto-based Baker Botts, specializing in data privacy and technology. "This is just the beginning."
Just this year, regulatory authorities have reportedly called for separate investigations into TikTok regarding privacy concerns in Colombia, the Netherlands and Italy. In the U.S., TikTok is currently fighting multiple class action lawsuits.
On Monday, a bipartisan group of senators urged the FTC to investigate the "collection and processing practices" of companies that market to children on the internet as it reviews the COPPA rule to ensure privacy safeguards are effective for kids online today.
The letter by Sens. Edward J. Markey, D-Mass., Josh Hawley, R-Mo., Richard Blumenthal, D-Conn, Bill Cassidy, R-La., Dick Durbin, D-Ill. and Marsha Blackburn, R-Tenn., was sent as the skyrocketing use of technology amid the COVID-19 pandemic prompted the FTC to fast-track its scheduled review of COPPA.
The letter noted that "children are a uniquely vulnerable population that deserve heightened privacy protections. The FTC should take extreme caution not to weaken – either purposefully or inadvertently – privacy protections under COPPA."
What Happens Now?
"The FTC will likely investigate, and if they do find that TikTok didn't adhere to (the consent decree), then there will be an additional fine that will be much more punitive," said Cole. She also noted that the regulatory body may be politically motivated to come down hard, in order to show their importance and make a case that they deserve more funding and authority in the future.
The FTC can fine up to $42,350 per violation, which in this case would be each user under the age of 13. It's unclear how many of TikTok's some 160 million users in the U.S. are underage.
And it could get even worse for TikTok. The havoc that the COVID-19 crisis has wrought on municipal coffers, Cole noted, could be "pretty significant motivation for states to bring their own actions."
California, which on January 1 of this year enacted the California Consumer Privacy Act (CCPA), is a prime candidate. That legislation will start being enforced July 1.
"This paves the way for CCPA enforcement," Cole said. "This could be an easy win for (California's Attorney General)."
And with a public paper trail, TikTok could become a relatively easy target for an ongoing spiral of litigation.
"This is the tip of the iceberg," said Cole.
- TikTok Under Scrutiny From Child Privacy Advocates - dot.LA ›
- How UGC and Covid-19 Are Changing Hollywood - dot.LA ›
- tiktok - dot.LA ›
- TikTok Threatens Legal Action Over Trumps Executive Order - dot.LA ›
- TikTok, The Weeknd and the Hunger for Virtual Audiences - dot.LA ›
- 'I'm a Patriot': US Employee Sues Trump Admin Over TikTok Ban - dot.LA ›
- Report: TikTok Fails to Police Political Ads on Its Platform - dot.LA ›