FTC Cracks Down on Child Online Privacy Protection Act Violations

Take a look at your website’s privacy policy.  Chances are, it includes some language stating that your website does not intend to collect personal information from children under the age of 13 and that, if you become aware that your website has collected personal information from a child under the age of 13, you will promptly delete that information.  This is designed to address the Child Online Privacy Protection Act (“COPPA”), which requires parental consent prior to collecting personal information about a child under the age of 13.

While most privacy policies include language to this effect, very few website operators take either it, or COPPA, seriously.  But in a recent, landmark settlement, the Federal Trade Commission (“FTC”) has shown that it does take COPPA seriously. 

The FTC began enforcement proceedings against the operators of Tik Tok (formerly known as Musical.ly) for violations of COPPA.  Tik Tok required users to provide an email address, phone number, username, first and last name, a short biography, and a profile picture in order to sign up for its services.  Tik Tok was also aware that a significant percentage of their users were under 13 and had received thousands of complaints from parents that their children under 13 had created accounts.  Tik Tok never notified parents about their collection and use of personal information from these children, obtained parental consent for such collection and subsequent use, or deleted the personal information when requested by parents.

Tik Tok settled with the FTC for a fine of $5.7 million, the largest ever civil penalty obtained by the FTC in a children’s privacy case.  Additionally, Tik Tok must comply with COPPA in the future and remove all videos made by children under 13.

This settlement highlights the importance of understanding why certain language is included in your website privacy policy.  It also highlights that a company’s COPPA-related duties only begin with its privacy policy.  If it does not adhere to the letter of its policy in its actual information collection and processing practices, significant liability can attach.  The FTC takes violations of this sort very seriously and will pursue operators who fail to comply with their obligations under COPPA.

Governor Cuomo Proposes Extending New York Estate ...
Right Around the Corner! Our Annual Labor and Empl...


This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel

Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.