The U.S. government sues TikTok for failing to safeguard the privacy of its young users – those under the age of 13.
In a joint action, the U.S. Department of Justice (DOJ) and the Federal Trade Commission (FTC) filed a civil lawsuit against TikTok Inc., ByteDance Ltd., and their affiliates in the U.S. District Court for the Central District of California. The lawsuit alleges violations of the Children’s Online Privacy Protection Act (COPPA) and its implementing regulations in connection with the popular TikTok app.
COPPA safeguards the privacy of children under 13 by prohibiting website operators from knowingly collecting, using, or disclosing their personal information without verifiable parental consent. The law also mandates that operators delete children’s data upon parental request.
“For years, Defendants have knowingly allowed children under 13 to create and use TikTok accounts without their parents’ knowledge or consent, have collected extensive data from those children, and have failed to comply with parents’ requests to delete their children’s accounts and personal information.” – DoJ and FTC
Repeat Offender: TikTok Accused of Failing to Protect Children
The complaint details that since 2019, TikTok has knowingly allowed children to create accounts on the regular platform, enabling them to share videos and messages with adults. This exposed them to extensive data collection and potentially inappropriate content. Additionally, the company allegedly collected personal information from children using “Kids Mode,” a supposedly safer version of the app, without parental consent. Furthermore, the lawsuit claims that TikTok failed to honor requests from parents to delete their children’s accounts and data.
“The Department is deeply concerned by TikTok’s ongoing collection and retention of children’s data, defying a court order. This action aims to ensure TikTok upholds its responsibility to protect children’s privacy rights,” said Acting Associate Attorney General Benjamin Mizer.
U.S. Government Sues TikTok for Failing to Follow Court Order
Despite a prior court order requiring COPPA compliance, the complaint alleges that TikTok:
- Possessed weak internal procedures for identifying and removing children’s accounts.
- Continued to collect and retain children’s data.
- Exposed millions of children under 13 to potential risks.
“TikTok’s repeated violations of children’s privacy threaten the safety of millions of children nationwide,” FTC Chair Lina Khan said. The FTC will continue to leverage its full authority to protect children online, especially as companies exploit increasingly sophisticated digital tools to track and profit from children’s data.
TikTok Could Be Made to Pay ‘Bigger’ Fine
The lawsuit seeks civil penalties and injunctive relief to ensure TikTok fulfills its legal obligation to protect children’s privacy and respects parents’ efforts to safeguard their children online.
Paul Bischoff, Consumer Privacy Advocate at Comparitech, compared this case to successful suits against Epic (Fortnite) and Google (YouTube). “Those companies allowed children under 13 to create accounts without parental consent and made money from ads targeted at those accounts, resulting in two of the largest COPPA fines in history. If the U.S. Justice Department is successful, TikTok’s payout could be even bigger,” Bischoff told The Cyber Express.
“Let’s be clear: This case is not about TikTok being a Chinese company or its relationship with China – the underlying reason that many politicians argue we should ban TikTok in the U.S. altogether. Unlike those unfounded claims that accuse TikTok of propaganda, censorship, and spying on behalf of the Chinese government, the Justice Department’s case does not seem to be political. It’s just enforcing the law.”
The DOJ’s lawsuit came on the same day as the UK privacy watch dog sent notices to 11 social media and video streaming platforms for violating a similar “Children’s Code” violation, per the UK’s data protection laws that protect kids under the age of 13 years. The ICO, however, did not disclose which platforms were notified.
