TikTok, a social media giant known for allowing its user to upload short videos, continues to battle its reputation for consumer privacy violations. Within the last three years, TikTok’s collective settlements now rival its membership with over $98 million settled damages and approximately 100 million members.
Beginning in February 2019, the Federal Trade Commission (“FTC”) began pursuing TikTok for alleged violations of the Children’s Online Privacy Protection Act (“COPPA”). COPPA aims to protect children under the age of thirteen by requiring service providers to obtain parental permission before collecting personal information on the children. According to the FTC, TikTok did not ask for parents’ permission for those under thirteen seeking to use the app but continued to collect information on the minors.
Specifically, TikTok collected names, email addresses, and geographic locations of minors, while also monitoring minor content. TikTok even alerted users of other TikTok profiles within a fifty-mile radius. This problematic feature led to parents claiming their children were contacted by strangers through the application given geographic proximity. TikTok denies these claims but eventually agreed to 5.7-million-dollar settlement later that year.
On March 25, 2022, U.S. District Court for the Northern District of Illinois approved a $1.1 settlement by TikTok for a class of minors after two mothers initiated a class action for individuals under the age of thirteen. First proposed in 2019, this class action settlement similarly confronted TikTok’s failure to obtain parent permission before collecting data. While settlement figures of $5.7 million and $1.1 million are seemingly nominal amounts for the social media giant, TikTok is currently pending approval of a $92 million settlement in the Northern District of Illinois.
In September 2021, a federal judge preliminarily approved the $92 million settlement of TikTok’s “Nationwide Class Action” suit brought by U.S. residents and an Illinois subclass of residents seeking compensation for biometric privacy act damages. However, certain plaintiffs filed an opposition claiming that the compensation would only reach 1.4% of the alleged class. These same plaintiffs further argued that paying $3,276,268 for a notification plan that failed to reach 98.6% of the class participants was inequitable.
The Nationwide class action alleged violations of the Illinois Biometric Information Privacy Act, Computer Fraud and Abuse Act, California’s Comprehensive Computer Data Access and Fraud Act, California’s Unfair Competition Law, and the Video Privacy Protection Act. Under the Illinois Biometric Information Privacy Act, TikTok was precluded from collecting facial recognition scans of users absent written consent. However, TikTok allegedly collected scans of the users face while they used the app, and, allegedly, the app scanned the device it was downloaded on for any other biometric data it could collect and store. TikTok is also accused of using algorithms to determine the age, gender, and race of the users who were uploading videos by scanning their physical appearance.
Since the settlement agreement was proposed, TikTok agreed to stop its illegal data collection activities and refrain from using the App to collect or store a domestic user's biometric data, geolocation information, or ‘clipboard’ content, as well as exporting a U.S.-based user’s data outside of the United States. TikTok further agreed to delete all pre-uploaded user-generated content collected from domestic users who did not ‘save’ or ‘post’ the content, as well as institute an annual training program for their employees and contractors on compliance with data privacy laws. The settlement agreement also obligates TikTok to hire a third-party firm at TikTok’s expense to review their data privacy training for a period of three years.