In announcing the largest fine ever issued by the FTC for COPPA violations, the FTC also signaled a potential shift in the breadth of COPPA applicability—shedding light on factors that might make an app with a large user base appeal to children and for the first time enforcing the position that if “your service targets children as one of its audiences – even if children are not the primary audience– then your service is ‘directed to children.’” (emphasis added). Apps or online services that are popular with children, tweens, or teens, even if they also have significant non-child audiences, should evaluate whether modifications to their practices (including age-gating the service) are appropriate in light of this settlement. A joint statement by Commissioners Chopra and Slaughter filed with the settlement also signals a desire, at least by those Commissioners, to increase the scrutiny on corporate executives in connection with its investigations and to “hold accountable everyone who broke the law.”
Musical.ly, now known as TikTok, agreed to pay a $5.7 million civil penalty and to delete all the accounts for those users who are under 13 or for whom the App cannot verify age to resolve the FTC’s complaint alleging COPPA violations. Musical.ly operates a video social networking app where users can create videos and synchronize such videos with music. When registering for a Musical.ly account, users can provide a first and last name, online contact information, photos, videos, audio, and for some period of time, geolocation. Users can comment on other users’ videos, “follow” other users, and send them direct messages. And until October 2016, users could also use a feature in the app that allowed them to see all other users within a 50-mile radius.
In its complaint, the FTC alleged that COPPA applied to Music.ly both because Music.ly directed its app to children and had actual knowledge it collected personal information from children under 13. While the actual knowledge allegations reflect the FTC’s long-standing position on these issues, of more significance, is the FTC’s finding that Music.ly directed its app to children as one audience.
Musical.ly’s Actual Knowledge
Here, the FTC alleged Musical.ly had actual knowledge it was collecting personal information from children under 13 in part from (1) a review of users’ profile pictures and profiles showing children under 13; and (2) complaints from parents of children asking for deletion of accounts. The FTC also noted in the complaint how it appeared that seven of the most popular users on Musical.ly appeared to be children under 13. Musical.ly then allegedly reviewed its list of popular users and identified an additional 39 who appeared to be under 13. The company then sent messages to those users, asking them to edit their profiles to indicate that the accounts were being run by a parent or adult talent manager.
Music.ly is Directed to Children
In addition to alleging Muical.ly had actual knowledge it was collecting personal information from children under 13 (requiring the app to take certain actions with respect to those specific users), the FTC contended that the Musical.ly app is directed to children and thus subject to COPPA as a whole. In making its determination, the FTC cited the following factors:
- Creating short videos lip-syncing to music and sharing these videos with other users is a “child-oriented activity.”
- The App features music that appeals to children, such as Disney songs and songs relating to school.
- The App contains simple tools, making it “easy for children to create and upload videos.”
- The App allows users to send other users colorful emojis including cute animals and smiley faces.
- Many users self-identify as under 13 in their bios or provide grade or school information indicating an age under 13.
- Musicians popular with tweens like Ariana Grande have Musical.ly accounts.
Though the vast majority of the 65 million users in the United States were not children, the settlement appears to reflect the FTC’s position that if some of your audience includes children (even a relatively small percentage in light of total user base) and the online product includes some elements that may appeal to children, the online operator can be subject to COPPA as a service directed to children.
*** This is a Security Bloggers Network syndicated blog from Law Across the Wire and Into the Cloud authored by Anna Hsia. Read the original post at: https://blog.zwillgen.com/2019/03/01/massive-fine-signals-shift-in-coppa-enforcement/