Last update: May 2021

2019/05/29

Aftermath of the TikTok COPPA Scandal and Keeping Your App Compliant

To protect children in an increasingly dangerous online environment, the United States Federal Trade Commission (FTC) introduced the Children’s Online Privacy Protection Rule, more commonly known as COPPA. It includes provisions for protecting children online against being tracked, having their data exploited, being tricked into giving out PII, and more. In our digital world, personal data is our most lucrative asset, and children are online more than ever. It is therefore more crucial than ever that apps strive to be COPPA compliant. However, COPPA is not a failsafe measure, and as the recent TikTok scandal has shown, it is up to apps to ensure that they remain fully compliant and do not put child users at risk through oversights.


How Has TikTok Failed to be COPPA Compliant?

TikTok is currently the world’s most downloaded iPhone app, launched by Chinese company ByteDance. It is a platform that allows users to share micro-videos put to music. It’s been the top-trending video sharing app of the past year, usually used to showcase lip-syncing skills or short dance numbers, as in the example below:

However, since it hit the market, TikTok has proved lax about enforcing its rule barring children under 16 years old from using the app. In fact, the majority of its user base is in its teenage years or younger.

[Figure: A large part of TikTok's users are below 20, meaning TikTok should be COPPA compliant in the USA]

This has led to abuses of the platform. Underage users have accessed videos featuring sexually suggestive themes and content advocating self-harm. They are also able to communicate with stalkers and other internet predators.

There is a more existential danger as well: TikTok harvests its users’ personal data and metadata and then shares this data with various third parties, as explained in its privacy policy. Since the app has a China-based parent company, there is a very real likelihood that this data is accessible to China’s government.

TikTok’s privacy policy has recently been updated on a country-by-country basis, following the recent outrage. However, much about the app remains unsettling from an online safety perspective. There is no “friends-only” setting for posting videos, so a video must be either private or completely public to everyone on the app. Users also cannot delete their accounts themselves; they have to send an email request to do so.

TikTok repeatedly fails to be COPPA compliant

The FTC Fines TikTok $5.7 Million

In February 2019, the FTC fined TikTok $5.7 million for failing to be COPPA compliant. Among other things, its infringements included:

  • collecting children’s personal information without their parents’ consent
  • defaulting profile pictures to public
  • allowing children to be direct-messaged and geolocated
  • ignoring parents’ email requests to delete their children’s accounts

Following the fine, TikTok had to delete all data belonging to users under 13 years of age. It has also agreed to age-gate its users at registration. However, many advocates for both data privacy and child protection fear that this won’t be enough of a deterrent for an app that makes $3.5 million in revenue per month via in-app purchases, digital gifts, and the like.

India briefly banned TikTok due to pornography concerns, but the ban was lifted after the company agreed to do a better job of monitoring inappropriate content. Many are also concerned that this unprecedented volume of data, at the disposal of the Chinese government, a notorious surveillance state, could be used for sinister ends along the lines of Cambridge Analytica.

And the fact that, since February’s backlash, TikTok has maintained multiple different privacy policies depending on whether a user lives in Germany, the wider EU, the United States, Russia, India, or elsewhere suggests that its lawyers have put a lot of time and effort into offering the bare minimum of data protection required by each local regulation.

How Can You Stay COPPA Compliant and Protect Users’ Data?

As our digital identities become more complex, the technology to exploit them becomes more sophisticated. It’s more important than ever to ensure that your mobile app is compliant with all local regulations. Like TikTok, many large push notification platforms have recently updated their privacy policies in a pre-emptive move to head off any repercussions for data abuse.

However, mobile apps that use the OpenBack SDK have the ability to default their data settings to be COPPA compliant – as well as to abide by GDPR and HIPAA. Unlike other SDKs, OpenBack uses edge computing to leverage device-side data signals. This means data does not have to leave the user’s device to rest on centralized data servers unless the user gives their consent. OpenBack also includes a feature by which a user’s personal data can be deleted at their request, helping you maintain a relationship of trust with your customers.

Contact one of our experts to learn more about how using OpenBack can help you provide a great app experience to your customers, while keeping their data secure.
