Over the past year, the issue of child privacy and protection online has become a big topic, and for good reason. Many large companies have either passively ignored their responsibilities, or have actively gone out of their ways to target children. Last April, YouTube was accused of purposely collecting information from minors, with a significant amount of evidence. Only a week later, another report exposed a large number of violations in Google Play. In July, Facebook and Instagram began purging profiles of those who do not have parental permission for an account.
All of these problems come about because of a US law entitled Children's Online Privacy Protection Act (Coppa). Passed in 1998, and amended in 2012, the law regulates the way that information about children under 13 must be handled. Essentially, no company operating within the US can collect any identifying information about children. For some platforms, this is no problem. However, for platforms like Facebook, Instagram, or YouTube, it is the basis of their business model to collect info. By their very nature, if a child creates an account, authorized or not, their information will be tracked passively.
Some companies, however, go out of their way to try and attract children into their platforms. One of the biggest offenders of this is TikTok, the Chinese replacement for Musical.ly. The company, Beijing ByteDance, purchased the Musical.ly platform in December of 2017 and rebranded it under their existing TikTok brand. Musical.ly, however, was known for appealing to children, and the company, both before and after the buyout, knew that their userbase skewed very young. In fact, 7 of the most popular accounts were all under 13.
That is why the US FTC has fined the company $5.7 million, for violating various aspects of COPPA. For example, Musical.ly required users to enter their real names, email addresses, phone numbers, and profile pictures before using the app. In addition, the platform made profiles public by default and still exposed photos and usernames publicly if made private, as well as allowing direct messages. The company even turned a blind eye after thousands of parental complaints about this, plus the fact that there was no infrastructure for parental consent. The FTC's decision was 5-0 in favor of the fine.