July 22, 2019

July 22, 2019

Subscribe to Latest Legal News and Analysis

App Company Musical.ly Pays Record COPPA Fine

In the largest Federal Trade Commission (FTC) settlement to date for a violation of the Children's Online Privacy Protection Act (COPPA), California-based mobile video app company Musical.ly (now TikTok) will pay $5.7 million to settle charges that it violated COPPA when it knowingly collected personal information of potentially millions of users under age 13 without parental consent. In addition to the penalty, Musical.ly agreed to destroy all collected personal information from users under 13 and comply with COPPA. 

The case was brought to the FTC's attention last year by the Children's Advertising Review Unit (CARU), the national advertising self-regulatory body, when Musical.ly refused to agree to adopt CARU's recommendations on COPPA compliance. According to the FTC press release, more than 200 million people (65 million in the U.S.) downloaded the Musical.ly app. The app allows users to create and upload videos of themselves lip-synching along to popular tunes and share them with other users. To register, users were required to provide an email address, phone number, username, first and last name, short bio, and profile picture, all of which became publicly available by default. Even if settings were changed to private, profile pictures and bios remained public, and users - including adults - could still send children direct messages. The app also collected geolocation data on users until October 2016. Since July 2017, users were required to provide their age when registering, but the company failed to verify ages for existing users. According to the FTC complaint, many users self-identified as under 13, which would subject the company to COPPA. Musical.ly also reportedly received thousands of complaints from parents that children under 13 were using the app without their permission.

The FTC charges that not only did Musical.ly target children under 13, it had actual knowledge that it was collecting their personal information without consent in violation of COPPA. Musical.ly allegedly targeted children by creating animal emojis they could send to other users as well as song folders with titles such as "school" and "Disney" designed to appeal to kids. The complaint also states that "numerous press articles between 2016 and 2018 highlight the popularity of the App among tweens and younger children." Further, the company acknowledged the app's attraction for children when it posted guidance for parents that stated "If you have a young child on Musical.ly, please be sure to monitor their activity on the App."

The Musical.ly settlement is the latest example of how seriously the FTC takes COPPA enforcement. There have been nearly 30 FTC enforcement proceedings since the COPPA rule was issued in 2000. FTC Chairman Joe Simons stated that "This record penalty should be a reminder to all online services and websites that target children: We take enforcement of COPPA very seriously, and we will not tolerate companies that flagrantly ignore the law." Commissioners Rohit Chopra and Rebecca Slaughter issued a separate joint statement admonishing the company and calling for individual accountability of company officers who they allege "made a business decision to violate or disregard the law."

The Musical.ly settlement comes on the heels of the New York Attorney General's $4.95 million settlement with Oath, Inc. last December for its role in allegedly helping advertisers track and target ads to children in violation of COPPA, and other state attorneys general are vigorously enforcing the law. We expect that consumer privacy in general, and children's privacy in particular, will remain a key focus of federal and state legislators and regulators throughout 2019.

© 2019 Keller and Heckman LLP


About this Author

Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer

Tracy Marshall assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and...

Sheila Millar, Keller Heckman, advertising lawyer, privacy attorney

Sheila A. Millar counsels corporate and association clients on advertising, privacy, product safety, and other public policy and regulatory compliance issues.

Ms. Millar advises clients on an array of advertising and marketing issues.  She represents clients in legislative, rulemaking and self-regulatory actions, advises on claims, and assists in developing and evaluating substantiation for claims. She also has extensive experience in privacy, data security and cybersecurity matters.  She helps clients develop website and app privacy policies, data security and access procedures, manage trans-border data flows, respond to data breaches and create training programs. She assists clients on digital media issues, helping them develop social media, blogging and user-generated content policies, and to understand advertising technology and online behavioral advertising issues.  Ms. Millar also works with clients to navigate the array of federal and state requirements governing contests and sweepstakes, and advises on gift cards, coupons and rebates.  She represents clients on advertising and privacy matters before the Federal Trade Commission (FTC), the Children’s Advertising Review Unit (CARU), the National Advertising Division (NAD), as well as in connection with investigations by state regulatory bodies and Attorneys General.