Washington, DC - The operators of the video social networking app Musical.ly, now known as TikTok, have agreed to pay $5.7 million to settle Federal Trade Commission allegations that the company illegally collected personal information from children. This is the largest civil penalty ever obtained by the Commission in a children’s privacy case.
The FTC’s complaint, filed by the Department of Justice on behalf of the Commission, alleges that Musical.ly violated the Children’s Online Privacy Protection Act (COPPA), which requires that websites and online services directed to children obtain parental consent before collecting personal information from children under the age of 13.
“The operators of Musical.ly—now known as TikTok—knew many children were using the app but they still failed to seek parental consent before collecting names, email addresses, and other personal information from users under the age of 13,” said FTC Chairman Joe Simons. “This record penalty should be a reminder to all online services and websites that target children: We take enforcement of COPPA very seriously, and we will not tolerate companies that flagrantly ignore the law.”
The Musical.ly app allowed users to create short videos lip-syncing to music and share those videos with other users. To register for the app, it required users to provide an email address, phone number, username, first and last name, a short biography, and a profile picture. Since 2014, more than 200 million users have downloaded the Musical.ly app worldwide, while 65 million accounts have been registered in the United States.
In addition to creating and sharing videos, the app allowed users to interact with other users by commenting on their videos and sending direct messages. User accounts were public by default, which meant that a child’s profile bio, username, picture, and videos could be seen by other users. While the site allowed users to change their default setting from public to private so that only approved users could follow them, users’ profile pictures and bios remained public, and users could still send them direct messages, according to the complaint. In fact, as the complaint notes, there have been public reports of adults trying to contact children via the Musical.ly app. In addition, until October 2016, the app included a feature that allowed users to view other users within a 50-mile radius of their location.
The operators of the Musical.ly app were aware that a significant percentage of users were younger than 13 and received thousands of complaints from parents that their children under 13 had created Musical.ly accounts, according to the FTC’s complaint.
The complaint alleges that the operators of the Musical.ly app violated the COPPA Rule by failing to notify parents about the app’s collection and use of personal information from users under 13, obtain parental consent before such collection and use, and delete personal information at the request of parents.
In addition to the monetary payment, the settlement also requires the app’s operators to comply with COPPA going forward and to take offline all videos made by children under the age of 13.
The Commission vote to authorize the staff to refer the complaint to the Department of Justice and to approve the proposed consent decree was 5-0. Commissioner Rohit Chopra and Commissioner Rebecca Kelly Slaughter issued a separate statement.
The DOJ filed the complaint and proposed consent decree on behalf of the Commission in the U.S. District Court for the Central District of California. NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. Consent decrees have the force of law when approved and signed by the District Court judge.
The FTC would like to thank the Better Business Bureau’s Children’s Advertising Review Unit (CARU) for helping to bring attention to this matter.