`
`
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE NORTHERN DISTRICT OF ILLINOIS
`EASTERN DIVISION
`
`
`T.K., THROUGH HER MOTHER SHERRI
`LESHORE, and A.S., THROUGH HER
`MOTHER, LAURA LOPEZ, individually and
`on behalf of all others similarly situated,
`
`
`Plaintiffs,
`
`v.
`
`
`
`BYTEDANCE TECHNOLOGY CO., LTD.,
`MUSICAL.LY INC., MUSICAL.LY THE
`CAYMAN ISLANDS CORPORATION, and
`TIKTOK, INC.,
`
`
`Defendants.
`
`
`
`
`
`
`
`
`
` Case No. 19-cv-7915
`
`
`Hon. _______________
`
` CLASS ACTION COMPLAINT
`
` JURY TRIAL DEMANDED
`
`
` Plaintiffs T.K. and A.S., minor children, by and through their respective mothers and legal
`
`CLASS ACTION COMPLAINT
`
`guardians, SHERRI LESHORE and LAURA LOPEZ, individually and on behalf of all other
`
`persons similarly situated, for their Class Action Complaint against Defendants BYTEDANCE
`
`TECHNOLOGY CO., LTD., MUSICAL.LY INC., MUSICAL.LY THE CAYMAN ISLANDS
`
`CORPORATION, and TIKTOK, INC. (collectively, “Defendants”), allege the following based
`
`upon personal knowledge as to themselves and their own actions, and, as to all other matters,
`
`allege, upon information and belief and investigation of their counsel, as follows:
`
`NATURE OF THE ACTION
`
`1.
`
`This case alleges that Defendants, in a quest to generate profits, surreptitiously
`
`tracked, collected, and disclosed the personally identifiable information and/or viewing data of
`
`children under the age of 13— without parental consent—while they were using Defendants’ video
`
`social networking platform, i.e., software application (the “App.”). As set forth herein, these unfair
`
`
`
`1
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 2 of 25 PageID #:1
`
`
`
`and deceptive business practices have had serious ramifications, including, but not limited to,
`
`children being stalked on-line by adults. As a result, Plaintiffs bring claims under federal and state
`
`laws to obtain redress for themselves and the class members they seek to represent.
`
`PARTIES
`
`2.
`
`Plaintiff T.K. and her mother and natural guardian Sherri LeShore are, and at all
`
`times relevant were, citizens of the State of Illinois residing in the City of Chicago. Plaintiff T.K.
`
`was under the age of 13 while using the App. Plaintiff T.K. was not asked for verifiable parental
`
`consent to collect, disclose, or use her personally identifiable information, including persistent
`
`identifiers, and/or viewing data, nor was Plaintiff T.K.’s mother, Sherri LeShore, provided direct
`
`notice with regard to the collection, use, and disclosure of such data.
`
`3.
`
`Plaintiff A.S. and her mother and natural guardian Laura Lopez are, and at all times
`
`relevant were, citizens of the State of California residing in the City of Gustine. Plaintiff A.S. was
`
`under the age of 13 while using the App. Plaintiff A.S. was not asked for verifiable parental
`
`consent to collect, disclose, or use her personally identifiable information, including persistent
`
`identifiers, and/or viewing data, nor was Plaintiff A.S.’s mother, Laura Lopez, provided direct
`
`notice with regard to the collection, use, and disclosure of such data.
`
`4.
`
`Defendant, Beijing ByteDance Technology Co Ltd. (“ByteDance”) is a privately
`
`held company headquartered in Beijing, China. ByteDance acquired, owns and/or otherwise
`
`controls Defendants Musical.ly, Inc., Musical.ly, a Cayman Islands corporation, and TikTok, Inc.
`
`By virtue of its control over these Defendants, ByteDance is responsible for the conduct alleged
`
`herein.
`
`5.
`
`Defendant Musical.ly is a Cayman Islands corporation (hereinafter, “Musical.ly of
`
`Cayman Islands”), with its principal place of business in Shanghai, China.
`
`
`
`2
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 3 of 25 PageID #:1
`
`
`
`6.
`
`Defendant, Musical.ly, Inc. is a California corporation with its principal place of
`
`business in Santa Monica, California, and is a wholly owned subsidiary of Musical.ly of Cayman
`
`Islands.
`
`7.
`
`Defendant TikTok, Inc., is a California corporation with its principal place of
`
`business in Santa Monica, California, and is a wholly owned subsidiary of Musical.ly of Cayman
`
`Islands.
`
`JURISDICTION AND VENUE
`
`8.
`
`This Court has subject matter jurisdiction pursuant to the Class Action Fairness Act
`
`of 2005 (hereinafter referred to as “CAFA”) codified as 28 U.S.C. § 1332(d)(2) because the claims
`
`of the proposed Class Members exceed $5,000,000 and because Defendants are citizens of a
`
`different state than most Class Members.
`
`9.
`
`The Court has personal jurisdiction over Defendants because they regularly conduct
`
`business in this District and/or under the stream of commerce doctrine by causing their products
`
`and services to be disseminated in this District, including the App downloaded and used by
`
`Plaintiffs.
`
`10.
`
`Venue is proper because a substantial portion of the events complained of occurred
`
`in this District and this Court has jurisdiction over the Defendants.
`
`FACTUAL ALLEGATIONS
`
`COPPA Prohibits the Collection of Children’s
`Personally Identifiable Information Without Verifiable Parental Consent
`
`
`11.
`
`Recognizing the vulnerability of children in the Internet age, in 1999 Congress
`
`enacted the Children’s Online Privacy Protection Act (COPPA). See 15 U.S.C. §§ 6501–6506.
`
`COPPA’s express goal is to protect children’s privacy while they are connected to the internet.
`
`Under COPPA, developers of child-focused apps cannot lawfully obtain the personally
`
`
`
`3
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 4 of 25 PageID #:1
`
`
`
`identifiable information of children under 13 years of age without first obtaining verifiable
`
`consent from their parents.
`
`12.
`
`COPPA applies to any operator of a commercial website or online service
`
`(including an app) that is directed to children and that: (a) collects, uses, and/or discloses
`
`personally identifiable information from children, or (b) on whose behalf such information is
`
`collected or maintained. Under COPPA, personally identifiable information is “collected or
`
`maintained on behalf of an operator when…[t]he operator benefits by allowing another person
`
`to collect personally identifiable information directly from users of” an online service. 16
`
`C.F.R. § 312.2. In addition, COPPA applies to any operator of a commercial website or online
`
`service that has actual knowledge that it collects, uses, and/or discloses personally identifiable
`
`information from children.
`
`13. Under COPPA, “personally identifiable information” includes information like
`
`names, email addresses, and social security numbers. COPPA’s broad definition of “ personally
`
`identifiable information” is as follows:
`
`“individually identifiable information about an individual collected online,” which
`includes (1) a first and last name; (2) a physical address including street name and name
`of a city or town; (3) online contact information (separately defined as “an email
`address or any other substantially similar identifier that permits direct contact with a
`person online”); (4) a screen name or user name; (5) telephone number; (6) social
`security number; (7) a media file containing a child’s image or voice; (8) geolocation
`information sufficient to identify street name and name of a city or town; (9) a
`“persistent identifier that can be used to recognize a user over time and across different
`Web sites or online services” (including but not limited to “a customer number held in
`a cookie, an Internet Protocol (IP) address, a processor or device serial number, or
`unique device identifier”); and (10) any information concerning the child or the child’s
`parents that the operator collects then combines with an identifier.
`
`14.
`
`The FTC
`
`regards “persistent
`
`identifiers” as “personally
`
`identifiable”
`
`information that can be reasonably linked to a particular child. The FTC amended COPPA’s
`
`
`
`4
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 5 of 25 PageID #:1
`
`
`
`definition of “personally identifiable information” to clarify the inclusion of persistent
`
`identifiers.1
`
`15.
`
`In order to lawfully collect, use, or disclose personally identifiable information,
`
`COPPA requires that an operator meet specific requirements, including each of the following:
`
`a)
`
`b)
`
`c)
`
`Posting a privacy policy on its website or online service providing clear,
`understandable, and complete notice of its information practices, including what
`information the website operator collects from children online, how it uses such
`information, its disclosure practices for such information, and other specific
`disclosures as set forth in the Rule;
`
`Providing clear, understandable, and complete notice of its information
`practices, including specific disclosures, directly to parents; and
`
`Obtaining verifiable parental consent prior to collecting, using, and/or
`disclosing personally identifiable information from children.
`
`16. Under COPPA, “[o]btaining verifiable consent means making any reasonable
`
`effort (taking into consideration available technology) to ensure that before personally
`
`identifiable information is collected from a child, a parent of the child. . . [r]eceives notice of
`
`the operator's personally identifiable information collection, use, and disclosure practices; and
`
`[a]uthorizes any collection, use, and/or disclosure of the personally identifiable information.”
`
`16 C.F.R. § 312.2.
`
`17.
`
`The FTC recently clarified acceptable methods for obtaining verifiable parental
`
`consent, which include:
`
`a)
`
`b)
`
`providing a consent form for parents to sign and return;
`
`requiring the use of a credit card/online payment that provides notification of
`each transaction;
`
`
`1 See https://www.ftc.gov/news-events/blogs/business-blog/2016/04/keeping-onlineadvertising-industry
`(2016 FTC Blog post from Director of the FTC Bureau of Consumer Protection) (last visited November
`22, 2019).
`
`
`
`5
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 6 of 25 PageID #:1
`
`
`
`c)
`
`d)
`
`e)
`
`f)
`
`g)
`
`connecting to trained personnel via video conference;
`
`calling a staffed toll-free number;
`
`emailing the parent soliciting a response email plus requesting follow-up
`information from the parent;
`
`asking knowledge-based questions; or
`
`verifying a photo ID from the parent compared to a second photo using facial
`recognition technology.2
`
`Defendants Collected and Used Children’s Personally
`Identifiable Information and Viewing Data Through the App
`
`Since at least 2014, Defendants have operated the App which, at all relevant
`
`18.
`
`times, was known as “Musical.ly”. The App was free to download from Apple’s App Store,
`
`Google Play, and the Amazon Appstore, but generated revenue for Defendants through various
`
`means, including in-app purchases. Since 2014, over 200 million users have downloaded the
`
`App worldwide; and, at least, 65 million ‘Musical.ly’ accounts were registered in the United
`
`States.
`
`19.
`
`To register for the App, users provided their email address, phone number,
`
`username, first and last name, short bio, and a profile picture. Between December 2015 and
`
`October 2016, Defendants also collected geolocation information from users of the App, which
`
`enabled Defendants and other users of the App to identify where a user was located.
`
`20. Many users, including children, chose to include an age in their short biography,
`
`which was part of their Musical.ly App profiles.
`
`21. At all relevant times, Defendants failed to deploy appropriate safeguards in their
`
`App that would prevent minor children from creating Musical.ly App accounts, and thereby
`
`
`2 See https://www.ftc.gov/tipsadvice/business-center/guidance/childrens-online-privacy-protection-rule-
`six-step-compliance (last visited November 22, 2019).
`
`
`
`6
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 7 of 25 PageID #:1
`
`
`
`providing their personally identifying information, without first obtaining verifiable parental
`
`consent.
`
`22. Once users created their Musical.ly account, the App provided a platform for
`
`users, including minor children, to create and watch videos, i.e., viewing data, and then
`
`synchronize them with music or audio clips from either the App’s online music library or music
`
`stored on the user’s device. The App’s online library had millions of song tracks, including
`
`songs from popular children’s movies and songs popular among ‘tweens’ and younger
`
`children. The App offered simple tools to create and edit videos. Once the video was
`
`completed, a user had the option to name the video with a title before posting and sharing the
`
`video publicly.
`
`23.
`
`In addition to creating and sharing videos, the App provided a platform for users
`
`to connect and interact with other users. Users could comment on the videos of other users,
`
`and had the option to “follow” other users’ accounts so they could view more of their videos.
`
`Popular users could have millions of “fans” following their accounts. A user’s account was
`
`set to public by default, which means that a user’s profile bio, username, profile picture, and
`
`videos were public and searchable by other users. And, while users had the option to set their
`
`accounts to “private” so that only approved followers could view their videos, their profiles,
`
`including usernames, profile pictures and bios, remained public and searchable by other
`
`users.
`
`24.
`
`The App also allowed users to send direct messages to communicate with other
`
`users. These direct messages could include colorful and bright emoji characters ranging from
`
`animals, smiley faces, cars, trucks, and hearts, among many others. By default, an App user
`
`could direct message any other user.
`
`
`
`7
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 8 of 25 PageID #:1
`
`
`
`25.
`
`Because the App had virtually all privacy features disabled by default, there
`
`were serious ramifications, including reports of adults trying to contact minor children via the
`
`App.
`
`26.
`
`These reports exposed the dangerous potential of the App, which allowed adults
`
`posing as children to send inappropriate messages to minor children using the App.
`
`27.
`
`Indeed, the dark underbelly of the App had become so prevalent that one news
`
`source even called it a “hunting ground” for pedophiles3 and pointed out that schools were
`
`forced to warn parents directly about the hidden dangers of using the App.
`
`28. Another article, entitled “Do Your Kids Like Musical.ly? So Do Traffickers and
`
`Pedophiles4” details how one vigilant parent discovered that the App she downloaded onto her
`
`own phone for her daughter’s use had a video chat feature enabled, allowing an adult man to
`
`attempt to video chat with her minor daughter. She then realized that this same man had been
`
`messaging her daughter and commenting on and liking her daughter’s videos for weeks
`
`29. Yet another article5 recounts the story of disturbing messages sent to a seven-
`
`year old girl through the App. These messages were from a Musical.ly user posing as a nine-
`
`year old girl, asking the young girl to send naked pictures of herself but not to tell anyone.
`
`30.
`
`Even worse, until October 2016, the App had a feature where a user could tap
`
`on the “my city” tab which provided the user with a list of other users within a 50 -mile radius,
`
`and with whom the user could connect and interact with by following the user or sending direct
`
`messages.
`
`
`3 https://www.irishmirror.ie/news/paedophiles-hunting-children-through-tiktok-14042405
`4https://www.king5.com/article/news/local/do-your-kids-like-musically-so-do-traffickers-and-
`pedophiles/281-537925828
`5 https://www.usmagazine.com/celebrity-news/news/dad-shares-gross-messages-sent-to-young- daughter-
`on-musically-w498946/
`
`
`
`8
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 9 of 25 PageID #:1
`
`
`
`31. A significant percentage of Musical.ly App. users were children under 13, and
`
`numerous press articles between 2016 and 2018 highlight the popularity of the App among
`
`‘tweens’ and younger children.
`
`32. What’s more, Defendants were aware that children were using the App. As of
`
`at least October 2016, Defendants, via their website, offered limited guidance to parents
`
`advising them to monitor their children’s use of the App. However, Defendant’s limited
`
`guidance was mere ‘window dressing’.
`
`33. Defendants received thousands of complaints from parents that their minor
`
`children had created a Musical.ly App account without their knowledge. For example, in the
`
`two-week period between September 15, 2016 and September 30, 2016, Defendants received
`
`more than 300 complaints from parents asking to have their child’s account closed.
`
`34.
`
`In December 2016, a third party alleged in an interview with the co -founder of
`
`Defendants that seven users whose accounts were among the most popular in terms of
`
`followers appeared to be children under 13. Shortly thereafter, Defendants then reviewed their
`
`most popular users and determined an additional 39 appeared to be under the age of 13. In
`
`February 2017, Defendants sent messages to these 46 users’ email addresses telling users under
`
`13 to edit their profile description to indicate that their accounts were being run by a parent or
`
`adult talent manager. Defendants, however, did not take any steps to ensure that the person
`
`who was responding to the request was a parent and not the child user.
`
`35. Defendants operated their App in a reckless and unlawful manner for
`
`commercial gain. On information and belief, Defendants surreptitiously tracked, collected,
`
`and disclosed the personally identifiable information and/or viewing data—such as the lip
`
`synching videos—of minor children, and then sold that data to third-party advertisers so they
`
`
`
`9
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 10 of 25 PageID #:1
`
`
`
`could, in turn, market their products and services on Defendants’ App through the purchase of
`
`advertising space.
`
`36.
`
`The App has been so lucrative that in December of 2017, Defendant ByteDance
`
`paid $1 billion to acquire it.6 In August of 2018, the Musical.ly App was merged with the
`
`TikTok app under the TikTok name. The Defendants operate the merged TikTok app.
`
`37.
`
`In their quest for profits, however, Defendants failed to safeguard minor
`
`children’s personally identifiable information and/or viewing data and ensure that the sale
`
`and/or transfer of said data to third-parties’ was lawful.
`
`
`
`Defendants’ App Was Directed to Children
`
`38.
`
`COPPA defines “children” as individuals under the age of 13. See 16 C.F.R. § 312.2. An app
`
`is directed to children if the “subject matter, visual content, use of animated characters or child -
`
`oriented activities and incentives, music or other audio content, age of models, presence of
`
`child celebrities or celebrities who appeal to children, language or other characteristics of the
`
`Web site or online service, as well as whether advertising promoting or appearing on the Web
`
`site or online service is directed to children.” See 16 C.F.R. § 312.2.
`
`39. As alleged herein, the Musical.ly App was directed to children under the age 13.
`
`For example, seven users whose accounts were among the most popular in terms of followers
`
`appeared to be children under 13. Shortly thereafter, Defendants then reviewed their most
`
`popular users and determined an additional 39 appeared to be under 13.
`
`40. What’s more, the App offered ‘song folders’ from which users could select
`
`songs for making their videos. At various times material to this Complaint, the App included
`
`
`6 https://www.cnbc.com/2017/11/10/musical-ly-app-sells-for-1-billion.html (last accessed November 22,
`2019).
`
`
`
`10
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 11 of 25 PageID #:1
`
`
`
`song folders appealing to children, such as “Disney” and “school.” The Disney folder included
`
`songs related to Disney children movies such as the Lion King and Toy Story.
`
`41.
`
`Similarly, the App promoted many musicians and entertainers popular with
`
`‘tweens, such as Katy Perry, Selena Gomez, Ariana Grande, Meghan Train or, among many
`
`others—all who owned Musical.ly App accounts. These artists often encouraged their fan
`
`base, made up primarily of children and ‘tweens, to post and share videos of themselves
`
`dancing or lip-syncing to their new releases.
`
`42. Moreover, the App deployed tools that made it easy for children to create and
`
`upload videos. The App further allowed users to send other users colorful emojis such as cute
`
`animals and smiley faces.
`
`43.
`
`Because of these kid-friendly features and/or marketing efforts, a large
`
`percentage of App users were under the age of 13. Indeed, many users self-identified as under
`
`the age of 13 in their profile bios.
`
`44.
`
`For the reasons discussed herein, Defendants had actual knowledge they were
`
`collecting personally identifiable information and/or viewing data from children. The youth of
`
`the user base is easily apparent in perusing users’ profile pictures and in reviewing users’
`
`profiles, many of which explicitly noted the child’s age, birthdate, or school.
`
`45. Moreover, since at least 2014, Defendants received thousands of complaints
`
`from parents of children under the age of 13 who were registered users of Defendants’ online
`
`service. In just a two-week period in September 2016, Defendants received over 300
`
`complaints from parents asking that their child’s account be deleted.
`
`46.
`
`Finally, the App contains child-oriented “subject matter, visual content, use of
`
`animated characters or child-oriented activities and incentives, music or other audio content,
`
`
`
`11
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 12 of 25 PageID #:1
`
`
`
`age of models, presence of child celebrities or celebrities who appeal to children, language or
`
`other characteristics of the Web site or online service, as well as whether advertising promoting
`
`or appearing on the Web site or online service is directed to children.” 16 C.F.R. § 312.2.
`
`Defendants Are Operators under COPPA
`
`47.
`
`Each Defendant is an “operator” pursuant to COPPA. Specifically, COPPA
`
`defines an “operator,” in pertinent part, as:
`
`any person who operates a Web site located on the Internet or an online service and
`who collects or maintains personally identifiable information from or about the users
`of or visitors to such Web site or online service, or on whose behalf such information
`is collected or maintained, or offers products or services for sale through that Web site
`or online service, where such Web site or online service is operated for commercial
`purposes involving commerce among the several States or with 1 or more foreign
`nations; in any territory of the United States or in the District of Columbia, or between
`any such territory and another such territory or any State or foreign nation; or between
`the District of Columbia and any State, territory, or foreign nation.
`
`16 C.F.R. § 312.2.
`
`48. Defendants operated the App entirely online. Indeed, without a connection to
`
`the internet, Plaintiffs could not have downloaded and used the App.
`
`Defendants Engaged in the Foregoing Acts
`Without Obtaining Verifiable Parental Consent
`
`49. Defendants collected, used, or disclosed the personally identifiable information
`
`and/or viewing data of Plaintiffs’ and class members’ without notifying their parents and/or
`
`guardians. Defendants never obtained verifiable parental consent to collect, use, or disclose
`
`children’s personally identifiable information and/or viewing data.
`
`50.
`
`Plaintiffs never knew that Defendants collected, disclosed, or used their
`
`personally identifiable information and/or viewing data because Defendants at all times failed
`
`to provide Plaintiffs’ parents/guardians any of the required disclosures, never sought verifiable
`
`
`
`12
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 13 of 25 PageID #:1
`
`
`
`parental consent, and never provided a mechanism by which the Plaintiffs ’ parents/guardians
`
`could provide verifiable consent.
`
`51. Defendants unlawful collection of Plaintiffs’ and class members’ personally
`
`identifiable information and/or viewing data for commercial gain exposed them to pedophiles
`
`and other predators online.
`
`The FTC Files a Complaint Against Defendants and
`Levies the Largest Fine Ever Under COPPA
`
`In February of 2019, the Federal Trade Commission filed a complaint against
`
`52.
`
`Defendants for violations of COPPA in connection with the conduct alleged herein.
`
`53.
`
`Subsequent to the filing of the FTC complaint, Defendants agreed to pay $5.7
`
`million to settle the allegations that the company illegally collected personally identifiable
`
`information from children in violation of COPPA.
`
`54. At the time, the ‘Musical.ly settlement’ was the largest civil penalty ever
`
`obtained by the FTC in a children’s privacy case.
`
`55.
`
`In addition to the monetary penalty, the settlement also requires Defendants to
`
`comply with COPPA going forward and to take offline all videos made by children un der the
`
`age of 13.
`
`56.
`
`The February 27, 2019 Joint Statement of Commissioner Rohit Chopra and
`
`Commissioner Rebecca Kelly Slaughter calls the FTC complaint and settlement a “major
`
`milestone” for COPPA enforcement and a “big win in the fight to protect childre n’s privacy.”
`
`57.
`
`Still, Defendants have not made whole the millions of consumers harmed by
`
`their unlawful conduct. Accordingly, Plaintiffs bring this class action for relief.
`
`
`
`
`
`
`
`13
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 14 of 25 PageID #:1
`
`
`
`Fraudulent Concealment and Tolling
`
`58.
`
`The applicable statutes of limitations are tolled by virtue of Defendants’
`
`knowing and active concealment of the facts alleged above. Plaintiffs and class members were
`
`ignorant of the information essential to the pursuit of these claims, without any fault or lack of
`
`diligence on their own part.
`
`59. Defendants were under a duty to disclose the true character, quality, and nature
`
`of their activities to Plaintiffs and the class members. Defendants are therefore estopped from
`
`relying on any statute of limitations.
`
`60. Defendants’ fraudulent concealment is common to the Classes.
`
`CLASS ACTION ALLEGATIONS
`
`61.
`
`Pursuant to Federal Rule of Civil Procedure 23, Plaintiffs seek certification of a
`
`Class defined as follows:
`
`The National Class: All persons residing in the United States who registered for or
`used the Musical.ly and/or TikTok software application prior to the Effective Date
`when under the age of 13 and their parents and/or legal guardians.
`
`57.
`
`Plaintiffs also seek certification of the following State subclasses
`
`The California Subclass: All persons residing in the State of California who registered
`for or used the Musical.ly and/or TikTok software application prior to the Effective
`Date when under the age of 13 and their parents and/or legal guardians.
`
`The Illinois Subclass: All persons residing in the State of Illinois who registered for
`or used the Musical.ly and/or TikTok software application prior to the Effective Date
`when under the age of 13 and their parents and/or legal guardians.
`
`62.
`
`Plaintiffs reserve the right to modify or refine the Class definitions based upon
`
`discovery of new information and in order to accommodate any of the Court’s manageability
`
`concerns.
`
`
`
`14
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 15 of 25 PageID #:1
`
`
`
`63.
`
`Excluded from the Classes are: (a) any Judge or Magistrate Judge presiding over
`
`this action and members of their staff, as well as members of their families; (b) Defendants,
`
`Defendants’ predecessors, parents, successors, heirs, assigns, subsidiaries, and any entity in
`
`which any Defendants or their parents have a controlling interest, as well as D efendants’
`
`current or former employees, agents, officers, and directors; (c) persons who properly execute
`
`and file a timely request for exclusion from the Classes; (d) persons whose claims in this matter
`
`have been finally adjudicated on the merits or otherwise released; (e) counsel for Plaintiffs and
`
`Defendants; and (f) the legal representatives, successors, and assigns of any such excluded
`
`persons.
`
`The Classes Satisfy the Rule 23 Requirements
`
`64. Ascertainability. The proposed Classes are readily ascertainable because they
`
`are defined using objective criteria so as to allow class members to determine if they are part
`
`of the Classes.
`
`65. Numerosity (Rule 23(a)(1)). The Classes are so numerous that joinder of
`
`individual members herein is impracticable. The exact number of Class members, as herein
`
`identified and described, is approximately 6 million individuals.
`
`66.
`
`Commonality. (Rule 23(a)(2)). Common questions of fact and law exist for each
`
`cause of action and predominate over questions affecting only individual Class members,
`
`including the following:
`
`a)
`
`Whether Defendants engaged in the activities referenced in the above
`paragraphs;
`
`b) Whether Defendants provided disclosure of all the activities referenced in the
`above paragraphs on the App, as required by COPPA;
`
`c)
`
`Whether Defendants directly notified parents of any of the activities referenced
`in the above paragraphs;
`
`
`
`15
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 16 of 25 PageID #:1
`
`
`
`d) Whether Defendants sought verifiable parental consent prior to engaging in any
`of the activities referenced in the above paragraphs;
`
`e)
`
`f)
`
`Whether Defendants provided a process or mechanism for parents to provide
`verifiable parental consent prior to engaging in any of the activities reference d
`in the above paragraphs;
`
`Whether Defendants received verifiable parental consent prior to engaging in
`any of the activities referenced in the above paragraphs;
`
`g) Whether Defendants’ acts and practices complained of herein violate the Video
`Privacy Protection Act;
`
`h) Whether Defendants’ acts and practices complained of herein amount to acts of
`intrusion upon seclusion;
`
`i)
`
`j)
`
`Whether Defendants’ conduct violated the State consumer protection and
`privacy laws invoked herein;
`
`Whether California has a significant contact to the claims of each class member
`to apply California law to all members of the Nationwide Class; and
`
`k) Whether members of the Classes have sustained damages, and, if so, in what
`amount.
`
`67.
`
`Typicality. (Rule 23(a)(3)). Plaintiffs’ claims are typical of the claims of
`
`members of the proposed Classes because, among other things, Plaintiffs and members of the
`
`Classes sustained similar injuries as a result of Defendants’ uniform wrongful conduct and
`
`their legal claims all arise from the same events and wrongful conduct by Defendants.
`
`68. Adequacy. (Rule 23(a)(4)). Plaintiffs will fairly and adequately protect the
`
`interests of the proposed Classes. Plaintiffs’ interests do not conflict with the interests of the
`
`Class members and Plaintiffs have retained counsel experienced in complex class action and
`
`data privacy litigation to prosecute this case on behalf of the Class es.
`
`69.
`
`Predominance & Superiority (Rule 23(b)(3)). In addition to satisfying the
`
`prerequisites of Rule 23(a), Plaintiffs satisfy the requirements for maintaining a class action
`
`
`
`16
`
`
`
`Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 17 of 25 PageID #:1
`
`
`
`under Rule 23(b)(3). Common questions of law and fact predominate over any questions
`
`affecting only individual Class members, and a class action is superior to individual litigation
`
`and all other available methods for the fair and efficient adjudication of this controversy. The
`
`amount of damages available to individual plaintiffs is insufficient to make litigation
`
`addressing Defendants’ conduct economically feasible in the absence of the class action
`
`procedure. Individualized litigation also presents a potential for inconsistent or contradictory
`
`judgments, and increases the delay and expense presented by the complex legal and factu al
`
`issues of the case to all parties and the court system. By contrast, the class action device
`
`presents far fewer management difficulties and provides the benefits of a single adjudication,
`
`economy of scale, and comprehensive supervision by a single court.
`
`CAUSES OF ACTION
`
`COUNT I
`
`Violation of the Video Privacy Protection Act,