US sues TikTok for violating children privacy protection laws
The U.S. Department of Justice has filed a lawsuit against popular social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children's privacy laws.
This lawsuit alleges that TikTok collected personal information from children under 13 without parental consent, violating the Children's Online Privacy Protection Act (COPPA).
Since 2019, TikTok has also allowed children to create TikTok accounts outside "Kids Mode" (a version of the app dedicated to children under 13) and failed to implement policies and processes that would help identify and disable/delete children-created accounts.
The Justice Department argues that this practice exposed millions of young users to "extensive data collection" and privacy risks, allowing them to access adult content and interact with adult users.
The lawsuit, filed in the U.S. District Court for the District of Columbia, asserts that TikTok and ByteDance were aware of these violations yet continued to engage in illegal data collection practices.
Failures to delete collected data
The DOJ's investigation into TikTok's data collection practices also revealed that the company failed to delete personal information when parents requested it, a requirement under COPPA.
Additionally, the complaint alleges that TikTok misled parents and users about its data collection policies, failing to provide adequate notice about what data was being collected and how it was being used.
"For example, in a 2018 exchange, a high-level employee of Defendants explicitly acknowledged that Defendants had 'actual knowledge' of children on TikTok upon receiving the first parental request, and yet did not delete children's accounts upon receiving the request. In the exchange, the former CEO of TikTok Inc. communicated about underage users on TikTok with the executive responsible for child safety issues in the United States," the complaint [PDF] reads.
"For years, Defendants have knowingly allowed children under 13 to create and use TikTok accounts without their parents' knowledge or consent, have collected extensive data from those children, and have failed to comply with parents' requests to delete their children's accounts and personal information."
The Justice Department now seeks civil penalties and injunctive relief against TikTok and ByteDance to prevent further violations. The TikTok Android app has over 1 billion downloads, while the iOS version has been rated 17.2 million times.
"The Department is deeply concerned that TikTok has continued to collect and retain children's personal information despite a court order barring such conduct," Acting Associate Attorney General Benjamin C. Mizer said today. "With this action, the Department seeks to ensure that TikTok honors its obligation to protect children's privacy rights and parents' efforts to protect their children."
TikTok proud of its "efforts to protect children"
In response to the lawsuit, TikTok stated that it disagrees with the "allegations, many of which relate to past events and practices that are factually inaccurate or have been addressed."
"We are proud of our efforts to protect children, and we will continue to update and improve the platform," it added.
In September, the Irish Data Protection Commission (DPC) fined TikTok $368 million (€345 million) for violating the privacy of children between the ages of 13 and 17 while processing their data, according to multiple articles of the European Union's General Data Protection Regulation (GDPR).
The DPC also found that the company employed "dark patterns" during registration and posting videos, subtly guiding users to select options that compromised their privacy.
In January 2023, TikTok was also fined $5.4 million (€5 million) by France's data protection authority (CNIL) for insufficiently informing users about how it uses cookies and making it difficult to opt out.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024