Massive Fine Signals Shift in COPPA Enforcement: Apps Popular with Teens or Tweens Should Take Note

Published On March 1, 2019 | By Anna Hsia and Kandi Parsons | FTC & State AG, General, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

In announcing the largest fine ever issued by the FTC for COPPA violations, the FTC also signaled a potential shift in the breadth of COPPA applicability—shedding light on factors that might make an app with a large user base appeal to children and for the first time enforcing the position that if “your service targets children as one of its audiences – even if children are not the primary audience– then your service is ‘directed to children.’” (emphasis added). Apps or online services that are popular with children, tweens, or teens, even if they also have significant non-child audiences, should evaluate whether modifications to their practices (including age-gating the service) are appropriate in light of this settlement. A joint statement by Commissioners Chopra and Slaughter filed with the settlement also signals a desire, at least by those Commissioners, to increase the scrutiny on corporate executives in connection with its investigations and to “hold accountable everyone who broke the law.”

Musical.ly, now known as TikTok, agreed to pay a $5.7 million civil penalty and to delete all the accounts for those users who are under 13 or for whom the App cannot verify age to resolve the FTC’s complaint alleging COPPA violations. Musical.ly operates a video social networking app where users can create videos and synchronize such videos with music. When registering for a Musical.ly account, users can provide a first and last name, online contact information, photos, videos, audio, and for some period of time, geolocation. Users can comment on other users’ videos, “follow” other users, and send them direct messages. And until October 2016, users could also use a feature in the app that allowed them to see all other users within a 50-mile radius. 

In its complaint, the FTC alleged that COPPA applied to Music.ly both because Music.ly directed its app to children and had actual knowledge it collected personal information from children under 13. While the actual knowledge allegations reflect the FTC’s long-standing position on these issues, of more significance, is the FTC’s finding that Music.ly directed its app to children as one audience. 

Musical.ly’s Actual Knowledge

Here, the FTC alleged Musical.ly had actual knowledge it was collecting personal information from children under 13 in part from (1) a review of users’ profile pictures and profiles showing children under 13; and (2) complaints from parents of children asking for deletion of accounts. The FTC also noted in the complaint how it appeared that seven of the most popular users on Musical.ly appeared to be children under 13. Musical.ly then allegedly reviewed its list of popular users and identified an additional 39 who appeared to be under 13. The company then sent messages to those users, asking them to edit their profiles to indicate that the accounts were being run by a parent or adult talent manager.

Music.ly is Directed to Children

In addition to alleging Muical.ly had actual knowledge it was collecting personal information from children under 13 (requiring the app to take certain actions with respect to those specific users), the FTC contended that the Musical.ly app is directed to children and thus subject to COPPA as a whole. In making its determination, the FTC cited the following factors:

  • Creating short videos lip-syncing to music and sharing these videos with other users is a “child-oriented activity.”
  • The App features music that appeals to children, such as Disney songs and songs relating to school.
  • The App contains simple tools, making it “easy for children to create and upload videos.”
  • The App allows users to send other users colorful emojis including cute animals and smiley faces.
  • Many users self-identify as under 13 in their bios or provide grade or school information indicating an age under 13.
  • Musicians popular with tweens like Ariana Grande have Musical.ly accounts.

Though the vast majority of the 65 million users in the United States were not children, the settlement appears to reflect the FTC’s position that if some of your audience includes children (even a relatively small percentage in light of total user base) and the online product includes some elements that may appeal to children, the online operator can be subject to COPPA as a service directed to children.

About The Authors

Anna Hsia maintains a diverse practice litigating complex business disputes and counseling clients on privacy issues. With broad litigation experience in unfair competition, false advertising, class actions, and other complex litigation, Anna guides clients through disputes in federal and state courts. As a Certified Information Privacy Professional, Anna has assisted clients with product development and compliance with privacy regulations such as the TCPA, HIPAA, COPPA, state-specific privacy regulations, the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act.

Kandi counsels clients on privacy and data security issues, online and general advertising, and marketing practices, including COPPA compliance, student privacy, and the Internet of Things. Kandi advises companies on collecting, protecting, and using consumer data and helps them develop and implement comprehensive privacy and security programs. Drawing on her tenure at the FTC, Kandi assists clients in responding to FTC and state AG enforcement actions. Prior to joining ZwillGen, Kandi spent eight years in the FTC’s Division of Privacy and Identity Protection. While at the FTC, Kandi served on detail for six months to the United States Senate, Committee on Commerce, Science, and Transportation.

Leave a Reply

Your email address will not be published. Required fields are marked *