Protecting the privacy of children’s online personal data is complicated and challenging. The problems are made more difficult by the fact that, seemingly, children are happy to skirt and evade the various efforts made by online platforms to protect their privacy and by the fact that data collection businesses are happy if those efforts succeed. A case in point is the recent action filed by the federal Department of Justice (on behalf of the Federal Trade Commission (“FTC”)) alleging that TikTok violated the Children’s Online Privacy Protection Act (“COPPA”). TikTok is owned by a Chinese company called ByteDance Ltd.. ByteDance is now being sued in federal court in California. See the media report here.
COPPA was enacted with the intent of protecting children’s online privacy. Generally, COPPA bans websites from knowingly collecting data about children — under the age of 13 — without parental consent. More specifically (and in simplified form), COPPA requires websites to:
- Post privacy policies — that are clear, understandable, and complete — about data collected about children, including what data is collected, how data is used, to whom and under what circumstances the data is disclosed, shared, sold, and more
- Send such privacy policies directly to parents
- Obtain verifiable parental consent prior to collecting and using their children’s personal data
- Allow parents to see what personal data has been collected about their children
- Allow parents the ability to request the deletion of personal data about their children
Companies that violate COPPA can be punished with civil penalties of up to more than $51,000 per violation per day. Enforcement is handled most directly by the FTC. TikTok settled a 2019 allegation of COPPA violations for $5.7 million.
The specific allegations in this case are that TikTok used account-creation procedures that enabled millions of children under the age of 13 to establish accounts where either the user’s age was not verified or was assumed to be older than 13. Allegedly, these accounts were created without parental knowledge or consent.
At this point, the allegations are unverified. But, we can comment that account-creation procedures that avoid age verification are the most effective method of avoiding the COPPA requirements. After all, COPPA prohibits the knowing collection and use of data about kids. But, if you do not know the age of the user, there can be no violation (or so the idea goes).
The TikTok case presents another issue with respect to online platforms and data collection. As noted, TikTok is owned by a Chinese company. As such, TikTok has come under scrutiny by U.S. lawmakers. There are allegations that since TikTok collects significant quantities of data about users — of all ages — that data is being turned over to the Chinese government. This, according to lawmakers and other U.S. officials, creates a national security risk.
This raises another issue why it can be so difficult to enforce privacy laws: some online platforms may not care about violating the privacy law. In other words, if the allegations of Chinese spying are true, then civil fines of up to more than $51,000 per violation per day will not serve as a deterrence.
Contact Internet Law and Data Privacy Attorneys At Revision Legal
For more information, contact the experienced internet lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.