Yes, TikTok faces serious allegations that it collected personal information from children under 13 without obtaining proper parental consent, in direct violation of federal law and a previous settlement agreement. On August 2, 2024, the U.S. Department of Justice and Federal Trade Commission filed a civil lawsuit against TikTok Inc., ByteDance Ltd., and affiliated companies, alleging repeated violations of the Children’s Online Privacy Protection Act (COPPA) and a 2019 FTC consent order requiring strict safeguards for children’s data. The case centers on how TikTok allowed children to bypass age verification, collected extensive personal data including names, email addresses, phone numbers, and location information, and shared that data with third parties—all without notifying or receiving permission from parents. This lawsuit carries significant penalties and reflects a watershed moment in how federal regulators enforce children’s privacy protections online.
The government is seeking up to $51,744 per violation per day from January 10, 2024 onward, and TikTok recently settled related class action claims for $400 million. A class action multidistrict litigation (MDL) was established in 2025 with case number 2:25-ml-03144, consolidating lawsuits from parents in California, Connecticut, Florida, and New Jersey. The proceedings signal what Harvard Law School experts describe as “more aggressive policing of children’s privacy online” and suggest that other social media companies may face similar scrutiny. The core problem revealed in the case is not that TikTok collected data from teenagers—which it is permitted to do with restrictions—but that it systematically allowed children under 13 to access the full platform and collected detailed personal profiles on them without parental knowledge or consent. For parents whose children may have used TikTok, understanding the specifics of this case is essential, as eligibility for compensation depends on when and how their children’s data was allegedly collected.
Table of Contents
- How Did TikTok Allow Children to Bypass Age Verification?
- What Personal Data Was Collected and How Was It Used?
- The 2019 Settlement That Should Have Prevented This
- What Are the Financial Penalties and Settlement Amounts?
- What Was TikTok’s Legal Defense?
- Who Is Eligible for the Class Action Settlement?
- What This Case Means for Children’s Privacy Going Forward
- Conclusion
How Did TikTok Allow Children to Bypass Age Verification?
The lawsuit alleges that TikTok’s age verification system was fundamentally ineffective at preventing access by children under 13. When users entered a birthdate that placed them under 13, TikTok did not permanently block their account. Instead, it allowed them to restart the account creation process and enter a different birthdate, circumventing the age gate entirely. Additionally, users could log in to TikTok via third-party services like Facebook or Google without undergoing age verification at all, a workaround that TikTok’s system failed to address.
These loopholes meant that a determined 12-year-old could create an account within minutes and gain full access to the platform, including all the personalization features that required data collection. The government’s investigation found that TikTok was aware of these vulnerabilities but did not adequately remediate them. Even after the 2019 FTC settlement imposed specific requirements, TikTok’s “Kids Mode” feature—ostensibly designed to comply with COPPA—still failed to meet federal requirements. The designation of a Kids Mode suggested that TikTok had taken steps to protect minors, but the reality was that most children were not using it, and access controls remained insufficient across the main platform. Experts point out that any age verification system relying on self-reported birthdates is inherently weak, particularly when users face no consequences for lying and the platform offers no independent verification.

What Personal Data Was Collected and How Was It Used?
Once children bypassed the age gate, TikTok collected an extensive array of personal information: names, email addresses, phone numbers, location data derived from device settings and IP addresses, device identifiers, viewing habits, search history, and persistent identifiers used to build and maintain detailed behavioral profiles. This was not accidental data collection—it was systematic and deliberate, designed to support TikTok’s recommendation algorithm and advertising system. The FTC lawsuit emphasizes that TikTok collected this data without informing parents or obtaining their consent, which is the central violation of COPPA. A critical limitation of current regulations is that COPPA does not prevent collection itself if proper notice and parental consent are obtained; rather, it requires those procedural safeguards as a prerequisite.
TikTok’s approach violated this requirement by collecting first and never seeking parental permission at all. Furthermore, TikTok did not merely store this data internally. The lawsuit alleges that TikTok shared children’s personal information with Facebook (now Meta) and AppsFlyer, a mobile analytics company, for purposes including “retargeting less active users.” This third-party sharing expanded the risk to children far beyond TikTok’s own platform. When a tech company shares data with another company, the original child and their parents lose visibility into where that data goes and how it is used—a compounding privacy violation.
The 2019 Settlement That Should Have Prevented This
This is not TikTok’s first rodeo with federal privacy enforcement. In August 2019, TikTok settled with the FTC for $5.7 million over earlier COPPA violations, with the agreement imposing strict requirements for how TikTok must handle children’s data going forward. The settlement required TikTok to implement parental consent mechanisms, delete personal information collected from children under 13, and establish compliance monitoring procedures. Yet according to the Department of Justice, TikTok violated this very consent order between its signing and the filing of the August 2024 lawsuit.
The recidivism here is crucial to understand: TikTok was not facing a lawsuit over new, unanticipated legal theories. It was being sued for allegedly doing the same thing it had already paid $5.7 million to stop doing. This pattern strengthens the government’s argument that TikTok’s violations were willful and deliberate rather than accidental. The timeline also suggests that when TikTok discovered its age verification failures, it did not promptly notify the FTC or seek to remedy the problem; instead, it continued collecting data. For parents and plaintiffs, this prior settlement means there is documented evidence that TikTok understood its obligations and chose not to follow them.

What Are the Financial Penalties and Settlement Amounts?
The financial stakes in this case are substantial and multilayered. On the government enforcement side, the DOJ and FTC are seeking up to $51,744 per violation per day, with violations counted from January 10, 2024 onward. To put this in perspective, if the government identified even 1,000 distinct COPPA violations per day, the potential liability would exceed $51 million per day—a figure that compounds rapidly over months or years of violations. The maximum COPPA penalty for individual violations is $53,000, but the daily calculation allows much larger aggregate penalties when violations are numerous or persistent.
On the class action side, TikTok reached a settlement of $400 million to resolve claims by parents and children alleging privacy violations. This settlement resulted from the consolidation of individual lawsuits filed in multiple states (California, Connecticut, Florida, and New Jersey) into a single multidistrict litigation. The distribution of this settlement among class members will depend on the total number of eligible children and the terms of the settlement agreement as approved by the court. Unlike a government settlement, which goes primarily to the federal treasury and is used for administrative purposes, class action settlements are designed to compensate the actual injured parties—in this case, the families whose children’s data was collected without consent. However, the tradeoff is that settlement distributions are typically divided among all eligible class members, which means individual payments are usually smaller than one might expect from a $400 million pool.
What Was TikTok’s Legal Defense?
TikTok’s response to the lawsuit included multiple motions to dismiss and stay the proceedings. In November 2025, U.S. District Judge George H. Wu issued a minute order that largely rejected TikTok’s arguments, dismissing TikTok’s motion to stay and substantially dismissing its motion to dismiss. This ruling allows the case to proceed and suggests the court found the government’s allegations sufficiently detailed and plausible to survive an early motion to dismiss.
While TikTok may continue to contest liability at trial, the judge’s decision to move forward with the case is a significant hurdle for the company. One important limitation to note: even as the lawsuit proceeds in federal court, TikTok’s own business practices have evolved. The company has implemented new age verification measures and updated its approach to children’s accounts—changes that would be characterized as remedial rather than admission of wrongdoing. The government’s case focuses on conduct that occurred prior to and shortly after the August 2024 filing, not necessarily on TikTok’s current systems. This means that even if TikTok loses on liability, the damages will be calculated based on historical violations, not on an assumption that the violations are ongoing. Future compliance is a separate matter from past violations.

Who Is Eligible for the Class Action Settlement?
The consolidated class action litigation, designated as In Re: TikTok, Inc., Minor Privacy Litigation (MDL 2:25-ml-03144) in the U.S. District Court for the Central District of California, encompasses parents and guardians whose children had personal data collected by TikTok between certain dates without parental consent. Interim lead counsel has been appointed (Cohen Milstein as of June 2025), a firm specializing in privacy litigation.
To be eligible for the settlement distribution, individuals typically must submit a claim form documenting their child’s alleged use of TikTok and the period during which they believe data was collected in violation of COPPA. Claims administrators will handle the distribution process, which usually involves verifying the information submitted and calculating an individual payment based on the total number of eligible claimants and any settlement terms that differentiate between different groups of affected users. Parents should monitor the official lawsuit website and the claims administrator’s notices for deadlines to submit claims, as missing the deadline typically bars recovery.
What This Case Means for Children’s Privacy Going Forward
The TikTok lawsuit and settlement represent a turning point in federal enforcement of children’s privacy protections. The aggressive penalty framework and the emphasis on third-party data sharing signal that regulators are prepared to impose substantial financial consequences on platforms that treat COPPA as a minor compliance burden rather than a legal mandate. For other social media companies and app developers, the case creates a clear message: age verification and parental consent mechanisms are not optional niceties but fundamental requirements that will be actively monitored and enforced.
Looking ahead, the case may also reshape how the tech industry approaches children’s data more broadly. As digital platforms become increasingly integrated into children’s daily lives, and as the value of behavioral data for advertising and algorithmic optimization grows, the tension between business models and privacy law will only intensify. The TikTok case demonstrates that regulators are willing to deploy both civil enforcement and private litigation to address the imbalance, and other companies may face similar multi-front legal exposure if they fail to implement robust protections for minors’ data.
Conclusion
The TikTok privacy class action alleges that one of the world’s most popular social media platforms systematically collected personal information from millions of children under 13 without obtaining parental consent, in violation of federal law and a prior settlement agreement. The case involves a $400 million settlement to compensate affected families, substantial government penalties being pursued, and a consolidated class action that consolidates claims from multiple states. The evidence presented suggests that TikTok’s age verification system was ineffective by design or neglect, that the company knew of these vulnerabilities, and that it shared children’s data with third parties without restriction.
If your family believes your child’s data was collected by TikTok without your knowledge or consent, you should monitor the official lawsuit website and watch for notices from the claims administrator regarding deadlines to submit a claim. The settlement provides one mechanism for compensation, and eligibility requirements will be specified in the settlement agreement. The case also serves as a broader reminder that federal regulators are increasingly aggressive in protecting children’s privacy online, and that previous settlement agreements will be actively enforced against companies that choose not to comply.