Just a couple days after we reported that TikTok was taking some great steps toward better user control over social media*, we find that they’re doing the opposite. So to speak. The Federal Trade Commission (FTC) send out a release today revealing the full extent of the truth. The creators of the app, formerly called Musical.ly, now called TikTok, have agreed to pay a fine to the tune of $5.7 million USD for their part in collecting personal information from children under the age of 13.
Those responsible for running TikTok wittingly collected personal information from people too young to consent to giving up said information for themselves. In other words, they “knew many children were using the app but they still failed to seek parental consent before collecting names,” said FTC Chairman Joe Simons in a statement from the FTC this afternoon.
COPPA stands for Children’s Online Privacy Protection Act, and it’s the FTC’s job to enforce its contents. The FTC summarizes the rule as follows: “COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.” You can read the full COPPA text at FTC’s rules listing.
*That update I mentioned is a sort of keyword filter for comments. Not that it matters much now…
The app – still called Musical.ly when this situation first started to take shape – was acquired by ByteDance Ltd. in December of 2017, and merged with the original TikTok app in August of 2018.
According to the FTC, the original Musical.ly app required that a user enter all of the following information in order to register for use:
• Username (Not real name)
• First and Last Name (Yes, real name)
• Email address
• Phone Number (Yes, really)
• A short biography
• A profile picture
The FTC listed the following features of Musical.ly that, to a SlashGear reader, must seem like complete absurdities, especially in retrospect. Remember to keep in mind that the problem here was that all of these features were active for users that were children under the age of 13, too.
• Profiles public by default
• If made private, profiles still showed Pictures, Bios, and Usernames publicly.
• Private profiles can still be sent private messages.
• “My City” feature (now inactive) allowed users to see other users within a physical 50-mile radius.
• “My City” feature allowed users to message and interact with users as noted.
• Location tracking in general.
• No way to delete account save emailing the operators of the app.
Musical.ly operators were accused of the following:
• Making no attempt to stop those under the age of 13 from using the app.
• Continuing to operate knowing “a significant percentage of users” were under the age of 13.
• Continuing to operate despite “thousands of complaints from parents.”
• Failing to delete personal information at the request of parents.*
• Failing to notify parents about the apps’ collection and use of personal information from users under 13.
• Failing to obtain parental consent before personal information collection and use.
*According to the official complaint on the FTC website, during the one-week period between September 15, 2016 and September 30, 2016, over 300 complaints from parents were received by Musical.ly, asking that they close the accounts. While some (or all) accounts were closed, none of these users’ videos or profile information were deleted from Musical.ly’s servers.
This all came to a head in December of 2016, when in a public interview, one co-founder of Musical.ly was questioned about how at least 7 of the most popular accounts on the app were users under the age of 13.
As a direct result, in February of 2017, Musical.ly owners sent messages to 46 user accounts who appeared to be ages 13 or younger. In the message, Musical.ly told users under 13 “to edit their profile description to indicate that their accounts were being run by a parent or adult talent manager,” said the official complaint. Musical.ly operators then took no actions to make certain those users were actually on the app with an adult’s consent whatsoever.
The FTC decided that the penalty for all of this was that Musical.ly pay a total of $5.7 million USD civil penalty. The settlement also included the requirement that the operators of the app take offline all videos made by children under the age of 13. The settlement also, as should be obvious, requires that the app operators comply with COPPA into the future.
The decision in the case’s outcome and penalty was approved in the FTC by a vote of 5-0.
Why this all matters
Of interest for the future is a bit of information shared by FTC Commissioner Rohit Chopra and Commissioner Rebecca Kelly Slaughter in a statement on the case. In the statement, they suggested that due in no small part to the case at hand, FTC investigations of this sort should change in the near future. They suggested that FTC investigations “typically focus on individual accountability only in certain circumstances – and the effect has been that individuals at large companies have often avoided scrutiny.” They went on to assert that this should not be allowed to happen in the future.
“Executives of big companies who call the shots as companies break the law should be held accountable,” wrote the FTC commissioners.
This could well be a sign that accountability is back in Washington DC – or at least is clawing its way back to the surface after having been pushed down a well. Cross your fingers this is the start of something good and righteous across the industry. If I were Facebook, Twitter or any other major social network, I’d keep my eyes peeled, as this may just be the beginning of a major info privacy legal backlash extravaganza.
You can learn more about this case in the official case listing. The case can be found over at the listing hosted by the FTC right this minute.