Morris Manning & Martin, LLP

Lessons from TikTok: Federal and State Law Implications for Children’s Biometric Data Privacy

11.30.2020

TikTok has been dominating news headlines for its ongoing struggles with privacy advocates and regulators. United States politicians have raised concerns that TikTok poses a national security threat over potential ties to the Chinese Government and President Trump’s administration has banned the app in the U.S. Numerous countries have opened active investigations into TikTok’s data collection practices and India has also banned the app from use within its borders. One primary reason why TikTok is being scrutinized by governmental authorities is TikTok’s collection of personal information related to minors and the alleged lack of security and privacy safeguards explicitly tailored to children who are the main demographic target for using the app. Countries that have adopted data privacy and biometric laws have specific requirements around the collection of personal information related to children. Due to the nature of the app and its purpose, TikTok also has been scrutinized for compliance with privacy laws affecting minors.

In May 2020, TikTok, Inc. (TikTok) and its Chinese-owned parent company ByteDance Inc. were named in a lawsuit filed in a federal court in San Francisco, alleging claims under Illinois’s Biometric Information Privacy Act (BIPA) for failing to obtain parental consent of minor users. This lawsuit isn’t the first time TikTok has faced scrutiny for its data collection practices with respect to minors. TikTok reached a settlement in 2019 with the Federal Trade Commission (FTC) for alleged violations of the Children’s Online Privacy Protection Act (COPPA) and has received criticism from consumer rights groups. Companies whose products and services are directed towards children need to be aware of federal and state privacy laws regulating biometric collection as well as specific requirements with respect to minor data collection.

Read more as the Cybersecurity and Privacy Practice discuss the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), the New York Stop Hacks and Improve Electronic Data Security Act (NY Shield Act), and best practices surrounding biometric privacy laws.