Aftermath of the TikTok COPPA Scandal and Keeping Your App Compliant
To protect children in an increasingly dangerous online environment, the United States Federal Trade Commission (FTC) introduced the Children’s Online Privacy Protection Rule, more commonly known as COPPA. This includes provisions for protecting children online against being tracked, their data being exploited, being tricked into giving out PII, and more. In our digital world, personal data is our most lucrative asset. Plus, children are online more than ever. Thus, it is more crucial than ever that apps strive to be COPPA compliant. However, COPPA is not a failsafe measure, and as the recent TikTok scandal has proved, it’s up to apps to ensure that they remain fully compliant and do not put child users at risk due to oversights.
How Has TikTok Failed to be COPPA Compliant?
TikTok is currently the world’s most downloaded iPhone app, launched by Chinese company ByteDance. It is a platform that allows users to share micro-videos put to music. It’s been the top-trending video sharing app of the past year, usually used to showcase lip-syncing skills or short dance numbers, as in the example below:
DANG, the girl in the back has skills pic.twitter.com/tJzyRYAf3t
— TikTok (@tiktok_us) May 14, 2019
However, since it hit the market, TikTok has proved lax about its rule barring children under 16 years old from using the app. In fact, the majority of its users are in their teenage years or younger.
This has led to abuses of the platform. Underage users have accessed videos featuring sexually suggestive themes and content advocating self-harm. They are also able to communicate with stalkers and other internet predators.
The FTC Fines TikTok $5.7 Million
In February 2019, the FTC fined TikTok $5.7 million for failing to be COPPA compliant. Among others, its infringements included:
- collecting children’s personal information without their parents’ consent
- defaulting profile pictures to public
- allowing children to be direct messaged and geo-located
- ignoring parents’ email requests to delete their children’s apps
Following the fine, TikTok had to delete all data belonging to users under 13 years. It has also resolved to age-gate its users at registration. However, many advocates for both data privacy and child protection fear that this won’t be enough of a deterrent for an app that makes $3.5 million in revenue per month via in-app purchases, digital gifts, etc.
India briefly banned TikTok due to pornography concerns, but the ban was lifted when the app agreed it had to do a better job at monitoring inappropriate content. And many are concerned that this unprecedented volume of data, being at the disposal of the Chinese government, a notorious surveillance state, could potentially be used for sinister means along the lines of Cambridge Analytica.
And the fact that, since February’s backlash, TikTok has multiple different privacy policies depending on whether a user lives in Germany, the wider EU, the United States, Russia, India, or elsewhere would suggest that their lawyers have put a lot of time and effort into offering the bare minimum of data protection required by local regulations.
How Can You Stay COPPA Compliant and Protect Users’ Data?
As our digital identities become more complex, the technology to exploit them becomes more sophisticated. It’s more important than ever to ensure that your mobile app is compliant with all local regulations. Like TikTok, many large push notification platforms have recently updated their privacy policies, in a pre-emptive move to head off any repercussions for data abuse.
However, mobile apps that use the OpenBack SDK have the ability to automatically default their data settings to be COPPA compliant – as well as abide by GDPR and HIPAA. Unlike other SDKs, OpenBack uses edge computing to leverage device-side data signals. This means data doesn’t have to leave the user’s device to rest in centralized data servers, unless the user gives their consent. OpenBack also includes a feature where a user’s personal data can be deleted at their request, ensuring that you will always maintain a rapport of trust with your customers.
Contact one of our experts to learn more about how using OpenBack can help you provide a great app experience to your customers, while keeping their data secure.