TikTok logo

TikTok facing fresh lawsuit in US over children’s privacy

The Federal Trade Commission (FTC) has announced it’s referred a complaint against TikTok and parent company ByteDance to the Department of Justice.

The investigation originally focused on Musical.ly which was acquired by ByteDance on November 10, 2017, and merged it into TikTok.

The FTC started a compliance review of Musical.ly following a 2019 settlement with the company for violations of the Children’s Online Privacy Protection Act (COPPA). In the settlement, Musical.ly received a fine of $5.7m for collecting personal information from children without parental consent.

One of the main concerns was that Musical.ly did not ask the user’s age and later failed to go back and request age information for people who already had accounts.

COPPA requires sites and services like Musical.ly and TikTok – among other things – to get parental consent before collecting personal information from children under 13.

Musical.ly also failed to deal with complaints properly. The FTC found that—in just a two-week period in September 2016—the company received over 300 complaints from parents asking Musical.ly to delete their child’s account. However, under COPPA it’s not enough just to delete existing accounts, companies have to remove the kids’ videos and profiles from the company’s servers; Musical.ly failed to do this.

In 2022, TikTok itself faced a $28m fine for failing to protect children’s privacy after an investigation of a possible breach of the UK’s data protection laws.

In the US, TikTok agreed to pay $92 million in 2021 to settle dozens of lawsuits alleging that it harvested personal data from users, including information using facial recognition technology, without consent, and shared the data with third parties.

The FTC states that during the investigation it uncovered reasons to believe that “defendants are violating or are about to violate the law and that a proceeding is in the public interest.”

The FTC also said it usually doesn’t publicize the referral of complaints but feels it is in the public interest to do so now.

TikTok has been in the crosshairs of privacy and security professionals and politicians for years.

In June 2022,  the FCC (Federal Communications Commission), called on the CEOs of Apple and Google to remove TikTok from their app stores considering it an unacceptable national security risk because of its Chinese ownership.

In 2023, General Paul Nakasone, Director of the National Security Agency (NSA) referred to TikTok as a loaded gun in the hands of America’s TikTok-addicted youth.

Recently, we reported about the take-over of some high-profile TikTok accounts just by opening a Direct Message.

And the clock is ticking when it comes to TikTok’s presence in the US, after the US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the still immensely popular app.

Somehow we don’t think we’ve heard the last of this.

Check your digital footprint

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.