Children’s data privacy under the spotlight.

What technology does your business provide or use when it comes to persons under 13 years of age in particular?

TikTok given a record fine for video sharing app over children’s data – the short-form video sharing app has been handed the largest ever fine for a US case involving children’s data privacy.

TikTok has agreed to pay $5.7m (£4.3m) and put in place a new mechanism to handle users who say they are under 13. The Federal Trade Commission (FTC) said the Musical.ly app, which was later acquired and incorporated into TikTok, knowingly hosted content published by underage users. The FTC has ordered TikTok to delete this data.

TikTok’s parent company, China-based ByteDance, acquired Musical.ly in 2017, and incorporated it into TikTok. The apps allowed members to create short videos, set to music, to share with other users.

TikTok users in the US will be required to verify their age when they open the app but a person signing up can simply lie about their date of birth in order to get around any checks. However, TikTok said it would not be asking existing users in the UK to verify their age as the settlement only applied to the US.

TikTok has an estimated base of 1 billion users worldwide and the FTC was concerned about how old some of those users were.

The company had asked about age and prevents people who say they’re under 13 from creating accounts but Musical.ly didn’t go back and request age information for people who already had accounts.

According to the regulators complaint, Musical.ly was contacted by more than 300 parents in just a two-week period in September 2016. While the profiles of the children involved were subsequently deactivated, the content the child had posted was not deleted.

TikTok was fined because of what the FTC saw as Musical.ly’s failure to adhere to the basic principles of the Children’s Online Privacy Protection Act (Coppa). Obligations include being upfront in how children’s data is collected and used, as well as a mechanism by which to inform parents their child is using the service, and obtain their consent.

The company was also said to have not responded adequately to parents’ requests to delete data, and subsequently held onto that data for longer than was reasonable.

TikTok’s settlement does not constitute an admission of guilt, but the firm does not plan to contest any of the FTC’s allegations. The process of deleting the data in question has begun, but the firm could not give an estimate of how long it would take.

So why does this matter?

Are your Terms and Conditions written in a child-friendly? The legislation states that it should be.How clear are you making it to your users or how your technology/use of data works when they use it and even how you use their data (even in a non-digital way).

Third party use of children’s information comes with its own set of rules – such as a parentt’s or guardian’s approval.

Talk to DLM Group how your business can be impacted.