23298
post-template-default,single,single-post,postid-23298,single-format-standard,stockholm-core-2.4,qodef-qi--no-touch,qi-addons-for-elementor-1.6.7,select-theme-ver-9.5,ajax_fade,page_not_loaded,,qode_menu_,wpb-js-composer js-comp-ver-7.9,vc_responsive,elementor-default,elementor-kit-38031
Title Image

Musical.ly’s Young User Base Highlights COPPA’s Flaws

Coppa

Musical.ly’s Young User Base Highlights COPPA’s Flaws

Edited and updated by: Anthony Zangrillo

Musical.ly is a social media app that allows users to record and share short lip sync videos set to pre-selected songs and sound clips as well as upload short videos with the users’ own audio. [1]  The app has risen to prominence quickly, racking up 90 million users in a little more than two years.[2] Some have even likened the app to Snapchat because of its near-instant popularity and youthful user base.[3] Founders, Alex Zhu and Luyu Yang of Shanghai “created musical.ly to be at the intersection between entertainment and social networks.”[4]

The content created and posted on Musical.ly tends to be fun, upbeat and just a little bit silly.  The most popular videos involve dancing or humorous audio clips from film and television. [5] It should come as no surprise then that the app has attracted a more youthful, if not juvenile audience compared to many of its rival social media platforms.

While Musical.ly does not track the ages of its individual users, the company claims a majority of its audience is in the coveted 13 to 20 age bracket.[6] To many this may seem like an impossibly young demographic, however experts estimate that the Musical.ly audience skews even younger. In a recent New York Times article Gary Vaynerchuk of VaynerMedia stated that he believed Musical.ly users were often between first and third grade. [7] This seems consistent the anecdotal evidence, at least.  A section of the app called “leader board” displays the names and pictures of the users with the most watched videos from the previous day.  On any given day, this list depicts a number of users who appear to be in elementary school.

The youthfulness of the Musical.ly audience presents an interesting question regarding the effectiveness of the Childhood Online Privacy Protection Act (“COPPA”). COPPA was enacted in 1998 for the purpose of limiting what information companies can collect about children under the age of 13 without parental consent. The law went into effect in 2000 and was amended in 2013 to, amongst other things, broaden the type of information regulated.[8] Since the time of the legislation’s inception many companies have struggled to comply and have frequently been unsuccessful.  Just this past month, Viacom, Mattel, Hasbro and JumpStart were forced to pay $835,000, combined in penalties for allowing third parties to collect children’s information from their websites.[9]

With so many underage users it would seem that Musical.ly is a prime candidate for COPPA regulation.  Furthermore, the app collects information that COPPA protects such as geolocation and video and audio files where a child’s image and voice are readily recognizable. [10] However, with the current state of the law, it would be very difficult for the FTC to pursue legal action against Musical.ly for the collection of this information.

The Musical.ly platform is not specifically targeted at children and therefore does not warrant the highest level of scrutiny under COPPA (compared to NickJr.com and Barbie.com which are prime examples of targeted websites).[11] For websites and apps like Musical.ly, that do not specifically target children, COPPA’s regulations are easy to circumvent for two reasons: (1) children can easily misrepresent their ages and (2) companies are not required to ask for the age of their website’s users and thus can claim ignorance.  Musical.ly falls into the second category.  COPPA states: “It shall be unlawful for any operator of a Web site or online service directed to children, or any operator that has actual knowledge that it is collecting or maintaining personal information from a child”. [12] By never asking for the ages of its users Musical.ly is ensuring it has plausible deniability and thus will likely not be subject to sanction by the FTC.

Roy Smith, Founder & CEO of PrivacyCheq, stated that “Directed at Children” is a “wishy washy definition that allows publishers to claim they are addressing a large audience and not specifically targeting children. [For example,] Candy Crush uses brightly colored animated characters, and the subject of the game is matching different pieces of candy. Candy Crush has 500 million monthly users. Let’s imagine that only 1% of those users are children under 13 (I’m positive it’s more like 5%-10%). So 5 million children under 13 who play Candy Crush are not covered by COPPA because the app is not ‘directed at children.'”

This case is indicative of a much larger problem with COPPA.  Many websites, especially social media platforms, utilize this ignorance loophole to avoid liability. [13] By comparison, companies with children’s brands are forced to take extreme measures to comply and are still subject to massive liability when they inevitably slip up. [14] This inequality makes it far more expensive to deal in the realm of children’s products and forces many companies out of the market. Furthermore, as it currently operates, COPPA does not actually fulfill its stated purpose to keep kids safe online. In 1998, when COPPA was written, legislators had no idea what a large part social media would play in society.  In June 2016 Facebook had approximately 95.5 Million active daily users in the United States. [15] Statistically, at least a portion of those must be children under the age of 13, however their actions on the social media platform are beyond the reach of COPPA regulation.  A simple solution would be to close the loophole, however this would require massive additional expenditures to ensure compliance on the part of private enterprise and to enforce on the part of the government. Roy Smith points out that “the new EU privacy law, called General Data Protection Regulation (GDPR) has a child privacy protection provision that is nearly identical to COPPA, with a few exceptions: (1) no loopholes, (2) each EU member state can choose the age of ‘consent’ from 13 to 18, and (3) in Europe, privacy laws are enforced, vigorously.” No immediate solution to this problem has presented itself, so in the meantime the burden falls to parents to monitor how their children’s information is actually being collected online by reading the privacy policies websites and apps their children use and making inquiries when those policies are unclear.

Footnotes[+]

Kali Jelen

Kali Jelen is a second-year J.D. Candidate at Fordham University School of Law and a staff member on the Fordham Intellectual Property, Media & Entertainment Law Journal. She holds a B.S. in Business Administration from Pepperdine University.