In the largest Federal Trade Commission (FTC) settlement to date for a violation of the Children's Online Privacy Protection Act (COPPA), California-based mobile video app company Musical.ly (now TikTok) will pay $5.7 million to settle charges that it violated COPPA when it knowingly collected personal information of potentially millions of users under age 13 without parental consent. In addition to the penalty, Musical.ly agreed to destroy all collected personal information from users under 13 and comply with COPPA. 

The case was brought to the FTC's attention last year by the Children's Advertising Review Unit (CARU), the national advertising self-regulatory body, when Musical.ly refused to agree to adopt CARU's recommendations on COPPA compliance. According to the FTC press release, more than 200 million people (65 million in the U.S.) downloaded the Musical.ly app. The app allows users to create and upload videos of themselves lip-synching along to popular tunes and share them with other users. To register, users were required to provide an email address, phone number, username, first and last name, short bio, and profile picture, all of which became publicly available by default. Even if settings were changed to private, profile pictures and bios remained public, and users - including adults - could still send children direct messages. The app also collected geolocation data on users until October 2016. Since July 2017, users were required to provide their age when registering, but the company failed to verify ages for existing users. According to the FTC complaint, many users self-identified as under 13, which would subject the company to COPPA. Musical.ly also reportedly received thousands of complaints from parents that children under 13 were using the app without their permission.

The FTC charges that not only did Musical.ly target children under 13, it had actual knowledge that it was collecting their personal information without consent in violation of COPPA. Musical.ly allegedly targeted children by creating animal emojis they could send to other users as well as song folders with titles such as "school" and "Disney" designed to appeal to kids. The complaint also states that "numerous press articles between 2016 and 2018 highlight the popularity of the App among tweens and younger children." Further, the company acknowledged the app's attraction for children when it posted guidance for parents that stated "If you have a young child on Musical.ly, please be sure to monitor their activity on the App."

The Musical.ly settlement is the latest example of how seriously the FTC takes COPPA enforcement. There have been nearly 30 FTC enforcement proceedings since the COPPA rule was issued in 2000. FTC Chairman Joe Simons stated that "This record penalty should be a reminder to all online services and websites that target children: We take enforcement of COPPA very seriously, and we will not tolerate companies that flagrantly ignore the law." Commissioners Rohit Chopra and Rebecca Slaughter issued a separate joint statement admonishing the company and calling for individual accountability of company officers who they allege "made a business decision to violate or disregard the law."

The Musical.ly settlement comes on the heels of the New York Attorney General's $4.95 million settlement with Oath, Inc. last December for its role in allegedly helping advertisers track and target ads to children in violation of COPPA, and other state attorneys general are vigorously enforcing the law. We expect that consumer privacy in general, and children's privacy in particular, will remain a key focus of federal and state legislators and regulators throughout 2019.