The former UK Children's Commissioner launched a legal action on Tuesday against the video platform TikTok accusing it of illegally collecting personal data from millions of children in the UK and Europe.
Anne Longfield is suing TikTok and its Chinese parent company ByteDance on behalf of children (under 16 in the EU and 13 in the UK), hoping for compensation that could total billions of pounds, according to a statement. Some 3.5 million children in the UK are being wronged, her statement said.
It explains that every child who has used TikTok since May 2018, i.e. since the introduction of the EU's General Data Protection Regulation (GDPR), whether they have an account or not, could be affected by this data harvesting. This personal information includes phone numbers, videos, images, location of connection or even biometric data, such as facial recognition data.
The complaint, also filed by the law firm Scott+Scott, alleges that TikTok collects data without adequate warning, transparency, and consent, as required by law.
A bounty of child data
Anne Longfield said TikTok, which has 800 million users worldwide, is deliberately 'opaque' about its use of data, which is 'incredibly valuable' to the company, whose Cayman Islands-registered parent company ByteDance is expected to have revenues of nearly $30 billion (about €25 billion) by 2020, two-thirds of which she said will come from advertising, which is informed by user data.
TikTok is a hugely popular platform that has helped kids stay in touch with their friends during an incredibly difficult year. But behind the fun songs, dance challenges or playback, there is something much more malicious.
Standard legal defenses
Predictably, a TikTok spokesperson said in response that the complaint 'lacks merit' and that the company 'intends to defend itself vigorously. '
Privacy and security are top priorities for TikTok and we have robust practices and technologies in place to protect all users, and teens in particular.
TikTok was previously fined $5.7 million (about £4.1 million) in the US in February 2019 for illegally collecting personal data from minors under the age of 13, including their names, email and postal addresses. With such a precedent, repeat offense in different jurisdictions is likely.