TikTok, Other Mobile Apps Violate Privacy Regulations

App developers are ignoring laws and guidelines regulating data protection measures aimed at minors, putting their monetization plans in jeopardy and risking user trust.

The popular and increasingly
controversial social media app TikTok
must pay a fine of 12.7 million pounds (equivalent to around $16 million) in the UK for disregarding data protection for children.
The British data protection authority Information Commissioners Office (ICO) announced this week that TikTok had allowed up to 1.4 million children under the age of 13 in the country to open accounts in 2020, despite the apps own rules prohibiting it.
Childrens personal data had also been used without parental consent, it said, despite UK law requiring it.
TikTok also failed to implement adequate controls to identify and remove underage children from its platform,
an ICO statement
added.
While some senior TikTok executives had raised concerns internally, the company had not responded appropriately, the ICO said.
Meanwhile, a new
report from Pixalate
analyzing the privacy policy of every US-registered child-directed app in the Apple App Store found that the majority (54%) of those apps appear to violate the Childrens Online Privacy Protection Act (COPPA).
COPPA is a US federal law enacted in 1998 to protect the privacy of children under the age of 13 on the Internet. COPPA applies to websites and online services that collect personal information from children under the age of 13, such as their name, address, email address, phone number, and other identifiable information.
They must also post a clear and comprehensive privacy policy on their website or online service and provide parents with the option to review and delete their childrens personal information.
Due to skyrocketing online activity by children and teens, protecting their privacy and security online has become one of the most discussed topics in 2023.
The
Biden administration has called on Congress
to strengthen privacy protections, ban targeted advertising to children, and demand technology companies stop collecting personal data on children.
In children’s privacy enforcement actions against
publishers
and
advertising platforms
, the FTC has imposed hefty fines, customer refunds, and lengthy compliance and auditing obligations.
According to the Pixalate report, 21% of apps in the Apple Store dont even have a privacy policy, despite
Apples claim
that all apps in the store are required to have a privacy policy.
Among the US-registered, child-directed apps that do have a privacy policy, 34% are missing a Childrens Privacy Disclosure, and 13% are missing contact information.
Jalal Nasir, CEO of Pixalate, explains there are multiple risks for app developers who ignore the regulations and names three that stand out.
The first involves FTC fines, settlements, oversight and other similar remedies, and the second concerns losing the ability to monetize, for example undergoing business practices scrutiny, or being dropped by ad partners as they look to shed risk, he says. The third involves losing your customers trust.
Krishna Vishnubhotla, vice president of product strategy at Zimperium, says the penalties for violating the COPPA Rule can be substantial.
The FTC has the authority to bring enforcement actions against violators, and it may seek civil penalties of up to $43,280 per violation, he explains.
In addition to monetary penalties, violators may also be required to take corrective action, such as deleting the personal information of children that was collected in violation of COPPA.
The larger issue is that it can also harm a companys reputation and lead to a loss of trust among customers and partners, Vishnubhotla says.
Nasir says for smaller developers, lack of awareness or lack of resources are likely two of the biggest factors when it comes to failing COPPA compliance. But the biggest factor may be Apples failure to provide reasonable oversight.
Apple, as the gatekeeper of its app ecosystem, needs to take a much stronger stance in protecting children’s privacy, he says.
Apple not only needs to do a much better job of giving its developers the resources necessary to be compliant with the latest privacy laws, but it also seems to need to step up monitoring and enforcement of its own app store policies, Nasir says.
He adds that if app developers work with any third parties — including any advertising partners — they must ensure that those partners also have compliant privacy policies and practices.
It creates a complicated web, Nasir says.
The real problem concerns the vast number of apps and frequent releases, he says, which makes it difficult for the Federal Trade Commission or any organization to check for noncompliance.
Stores must provide these regulatory organizations with a dashboard or notifications in order to make it viable, he notes. Public stores may not allow that. Its almost impossible to accomplish this in a proactive, feasible, and structured manner.
Melissa Bischoping, director of endpoint security research at Tanium, says development of applications must balance available resources, regulatory requirements, and competing business priorities in their planning and execution.
While almost no one would disagree that privacy and protection of childrens data is always a priority, the technical debt and workload can make engineering the compliance a long and expensive process, she says.
She adds that complying with these, and other regulations and security best practices requires not only the talent to implement the solutions but also adequate staff to test and review that the designed solution meets the desired outcome.
This is, effectively, engineering a safer airplane while its in flight, she explains. It takes the work of multiple teams to engineer and assure. This effort, and others like it that are centered around protecting vulnerable populations, cannot be ignored.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
TikTok, Other Mobile Apps Violate Privacy Regulations