The popular social media app, (now known as TikTok), which allows users to make videos of themselves lip syncing to songs, recently entered into a record $5.7 million settlement with the Federal Trade Commission (“FTC”) to resolve allegations of illegal collection of children’s data in violation of the Children’s Online Privacy Protection Act of 1998 (“COPPA”).

To register for the app, users provide their email address, phone number, username, first and last name, short bio, and a profile picture. In addition to allowing users to create music videos, the app provides a platform for users to post and share the videos publicly. The app also had a feature whereby a user could discover a list of other users within a 50-mile radius with whom the user could connect and interact.

The FTC’s complaint alleged that was operating within the purview of COPPA in that (i) the app was “directed to children” and (ii) had actual knowledge that the company was collecting personal information from children. Specifically, the complaint alleged that the app was “directed to children” because the music library includes songs from popular children’s movies and songs popular among children and tweens. Furthermore, the FTC asserted that had actual knowledge that children under the age of 13 were registered users of the app because: (i) in December 2016, a third party publicly alleged in an interview with the cofounder of, Inc. that seven of the app’s most popular users appeared to be children under age 13; (ii) many users self-identify as under 13 in their profile bios or provide school information indicating that they are under the age of 13; and (iii) since at least 2014, received thousands of complaints from parents of children under the age of 13 who were registered users of the app.

The FTC alleged that violated COPPA by, among other things, failing to directly notify parents of the information being collected from children under the age of 13, failing to obtain parental consent before the collection or use of such information, and failing to delete such personal information following requests from parents.

Last December, New York Attorney General Barbara D. Underwood announced a $4.95 million settlement with Oath, Inc. (f/k/a AOL Inc.), a wholly-owned subsidiary of Verizon Communications, Inc., for alleged violations of COPPA as a result of its involvement with online behavioral advertising auctions (click here to read our previous post). Until recently, this settlement represented the largest penalty ever in a COPPA enforcement matter in U.S. history. The settlement surpasses that.

The complaint filed by the FTC against is available here.

Our take

Website operators, app developers, and online service providers must conduct a detailed analysis regarding whether they are subject to COPPA. The FTC warned in its recent press release announcing the settlement that “whether a company intends – or doesn’t intend – to have a site directed to kids isn’t what controls the analysis . . . [i]nstead, the FTC will look to the site’s look and feel, as well as evidence that the company had actual knowledge that users are under 13.”

Additionally, the FTC has stated that it plans to expand the circumstances in which its investigations focus upon individual accountability. Commissioner Rohit Chopra and Commissioner Rebecca Kelly Slaughter issued a joint statement about the settlement in which they state that the FTC’s investigations will “prioritize uncovering the role of corporate officers and directors and hold accountable everyone who broke the law.”