Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 1 of 25 PageID #:1

IN THE UNITED STATES DISTRICT COURT

FOR THE NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION

T.K., THROUGH HER MOTHER SHERRI

LESHORE, and A.S., THROUGH HER
MOTHER, LAURA LOPEZ, individually and
on behalf of all others similarly situated,

Plaintiffs, Case No. 19-cv-7915

v.
Hon. _______________
BYTEDANCE TECHNOLOGY CO., LTD.,
MUSICAL.LY INC., MUSICAL.LY THE CLASS ACTION COMPLAINT
CAYMAN ISLANDS CORPORATION, and
TIKTOK, INC., JURY TRIAL DEMANDED

Defendants.

CLASS ACTION COMPLAINT

Plaintiffs T.K. and A.S., minor children, by and through their respective mothers and legal

guardians, SHERRI LESHORE and LAURA LOPEZ, individually and on behalf of all other

persons similarly situated, for their Class Action Complaint against Defendants BYTEDANCE

TECHNOLOGY CO., LTD., MUSICAL.LY INC., MUSICAL.LY THE CAYMAN ISLANDS

CORPORATION, and TIKTOK, INC. (collectively, “Defendants”), allege the following based

upon personal knowledge as to themselves and their own actions, and, as to all other matters,

allege, upon information and belief and investigation of their counsel, as follows:

NATURE OF THE ACTION

1. This case alleges that Defendants, in a quest to generate profits, surreptitiously

tracked, collected, and disclosed the personally identifiable information and/or viewing data of

children under the age of 13— without parental consent—while they were using Defendants’ video

social networking platform, i.e., software application (the “App.”). As set forth herein, these unfair

1
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 2 of 25 PageID #:1

and deceptive business practices have had serious ramifications, including, but not limited to,

children being stalked on-line by adults. As a result, Plaintiffs bring claims under federal and state

laws to obtain redress for themselves and the class members they seek to represent.

PARTIES

2. Plaintiff T.K. and her mother and natural guardian Sherri LeShore are, and at all

times relevant were, citizens of the State of Illinois residing in the City of Chicago. Plaintiff T.K.

was under the age of 13 while using the App. Plaintiff T.K. was not asked for verifiable parental

consent to collect, disclose, or use her personally identifiable information, including persistent

identifiers, and/or viewing data, nor was Plaintiff T.K.’s mother, Sherri LeShore, provided direct

notice with regard to the collection, use, and disclosure of such data.

3. Plaintiff A.S. and her mother and natural guardian Laura Lopez are, and at all times

relevant were, citizens of the State of California residing in the City of Gustine. Plaintiff A.S. was

under the age of 13 while using the App. Plaintiff A.S. was not asked for verifiable parental

consent to collect, disclose, or use her personally identifiable information, including persistent

identifiers, and/or viewing data, nor was Plaintiff A.S.’s mother, Laura Lopez, provided direct

notice with regard to the collection, use, and disclosure of such data.

4. Defendant, Beijing ByteDance Technology Co Ltd. (“ByteDance”) is a privately

held company headquartered in Beijing, China. ByteDance acquired, owns and/or otherwise

controls Defendants Musical.ly, Inc., Musical.ly, a Cayman Islands corporation, and TikTok, Inc.

By virtue of its control over these Defendants, ByteDance is responsible for the conduct alleged

herein.

5. Defendant Musical.ly is a Cayman Islands corporation (hereinafter, “Musical.ly of

Cayman Islands”), with its principal place of business in Shanghai, China.

2
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 3 of 25 PageID #:1

6. Defendant, Musical.ly, Inc. is a California corporation with its principal place of

business in Santa Monica, California, and is a wholly owned subsidiary of Musical.ly of Cayman

Islands.

7. Defendant TikTok, Inc., is a California corporation with its principal place of

business in Santa Monica, California, and is a wholly owned subsidiary of Musical.ly of Cayman

Islands.

JURISDICTION AND VENUE

8. This Court has subject matter jurisdiction pursuant to the Class Action Fairness Act

of 2005 (hereinafter referred to as “CAFA”) codified as 28 U.S.C. § 1332(d)(2) because the claims

of the proposed Class Members exceed $5,000,000 and because Defendants are citizens of a

different state than most Class Members.

9. The Court has personal jurisdiction over Defendants because they regularly conduct

business in this District and/or under the stream of commerce doctrine by causing their products

and services to be disseminated in this District, including the App downloaded and used by

Plaintiffs.

10. Venue is proper because a substantial portion of the events complained of occurred

in this District and this Court has jurisdiction over the Defendants.

FACTUAL ALLEGATIONS

COPPA Prohibits the Collection of Children’s

Personally Identifiable Information Without Verifiable Parental Consent

11. Recognizing the vulnerability of children in the Internet age, in 1999 Congress

enacted the Children’s Online Privacy Protection Act (COPPA). See 15 U.S.C. §§ 6501–6506.

COPPA’s express goal is to protect children’s privacy while they are connected to the internet.

Under COPPA, developers of child-focused apps cannot lawfully obtain the personally

3
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 4 of 25 PageID #:1

identifiable information of children under 13 years of age without first obtaining verifiable

consent from their parents.

12. COPPA applies to any operator of a commercial website or online service

(including an app) that is directed to children and that: (a) collects, uses, and/or discloses

personally identifiable information from children, or (b) on whose behalf such information is

collected or maintained. Under COPPA, personally identifiable information is “collected or

maintained on behalf of an operator when…[t]he operator benefits by allowing another person

to collect personally identifiable information directly from users of” an online service. 16

C.F.R. § 312.2. In addition, COPPA applies to any operator of a commercial website or online

service that has actual knowledge that it collects, uses, and/or discloses personally identifiable

information from children.

13. Under COPPA, “personally identifiable information” includes information like

names, email addresses, and social security numbers. COPPA’s broad definition of “personally

identifiable information” is as follows:

“individually identifiable information about an individual collected online,” which

includes (1) a first and last name; (2) a physical address including street name and name
of a city or town; (3) online contact information (separately defined as “an email
address or any other substantially similar identifier that permits direct contact with a
person online”); (4) a screen name or user name; (5) telephone number; (6) social
security number; (7) a media file containing a child’s image or voice; (8) geolocation
information sufficient to identify street name and name of a city or town; (9) a
“persistent identifier that can be used to recognize a user over time and across different
Web sites or online services” (including but not limited to “a customer number held in
a cookie, an Internet Protocol (IP) address, a processor or device serial number, or
unique device identifier”); and (10) any information concerning the child or the child’s
parents that the operator collects then combines with an identifier.

14. The FTC regards “persistent identifiers” as “personally identifiable”

information that can be reasonably linked to a particular child. The FTC amended COPPA’s

4
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 5 of 25 PageID #:1

definition of “personally identifiable information” to clarify the inclusion of persistent

identifiers.1

15. In order to lawfully collect, use, or disclose personally identifiable information,

COPPA requires that an operator meet specific requirements, including each of the following:

a) Posting a privacy policy on its website or online service providing clear,

understandable, and complete notice of its information practices, including what
information the website operator collects from children online, how it uses such
information, its disclosure practices for such information, and other specific
disclosures as set forth in the Rule;

b) Providing clear, understandable, and complete notice of its information

practices, including specific disclosures, directly to parents; and

c) Obtaining verifiable parental consent prior to collecting, using, and/or

disclosing personally identifiable information from children.

16. Under COPPA, “[o]btaining verifiable consent means making any reasonable

effort (taking into consideration available technology) to ensure that before personally

identifiable information is collected from a child, a parent of the child. . . [r]eceives notice of

the operator's personally identifiable information collection, use, and disclosure practices; and

[a]uthorizes any collection, use, and/or disclosure of the personally identifiable information.”

16 C.F.R. § 312.2.

17. The FTC recently clarified acceptable methods for obtaining verifiable parental

consent, which include:

a) providing a consent form for parents to sign and return;

b) requiring the use of a credit card/online payment that provides notification of

each transaction;

1
See https://www.ftc.gov/news-events/blogs/business-blog/2016/04/keeping-onlineadvertising-industry
(2016 FTC Blog post from Director of the FTC Bureau of Consumer Protection) (last visited November
22, 2019).

5
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 6 of 25 PageID #:1

c) connecting to trained personnel via video conference;

d) calling a staffed toll-free number;

e) emailing the parent soliciting a response email plus requesting follow-up

information from the parent;

f) asking knowledge-based questions; or

g) verifying a photo ID from the parent compared to a second photo using facial
recognition technology.2

Defendants Collected and Used Children’s Personally

Identifiable Information and Viewing Data Through the App

18. Since at least 2014, Defendants have operated the App which, at all relevant

times, was known as “Musical.ly”. The App was free to download from Apple’s App Store,

Google Play, and the Amazon Appstore, but generated revenue for Defendants through various

means, including in-app purchases. Since 2014, over 200 million users have downloaded the

App worldwide; and, at least, 65 million ‘Musical.ly’ accounts were registered in the United

States.

19. To register for the App, users provided their email address, phone number,

username, first and last name, short bio, and a profile picture. Between December 2015 and

October 2016, Defendants also collected geolocation information from users of the App, which

enabled Defendants and other users of the App to identify where a user was located.

20. Many users, including children, chose to include an age in their short biography,

which was part of their Musical.ly App profiles.

21. At all relevant times, Defendants failed to deploy appropriate safeguards in their

App that would prevent minor children from creating Musical.ly App accounts, and thereby

2
See https://www.ftc.gov/tipsadvice/business-center/guidance/childrens-online-privacy-protection-rule-
six-step-compliance (last visited November 22, 2019).

6
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 7 of 25 PageID #:1

providing their personally identifying information, without first obtaining verifiable parental

consent.

22. Once users created their Musical.ly account, the App provided a platform for

users, including minor children, to create and watch videos, i.e., viewing data, and then

synchronize them with music or audio clips from either the App’s online music library or music

stored on the user’s device. The App’s online library had millions of song tracks, including

songs from popular children’s movies and songs popular among ‘tweens’ and younger

children. The App offered simple tools to create and edit videos. Once the video was

completed, a user had the option to name the video with a title before posting and sharing the

video publicly.

23. In addition to creating and sharing videos, the App provided a platform for users

to connect and interact with other users. Users could comment on the videos of other users,

and had the option to “follow” other users’ accounts so they could view more of their videos.

Popular users could have millions of “fans” following their accounts. A user’s account was

set to public by default, which means that a user’s profile bio, username, profile picture, and

videos were public and searchable by other users. And, while users had the option to set their

accounts to “private” so that only approved followers could view their videos, their profiles,

including usernames, profile pictures and bios, remained public and searchable by other

users.

24. The App also allowed users to send direct messages to communicate with other

users. These direct messages could include colorful and bright emoji characters ranging from

animals, smiley faces, cars, trucks, and hearts, among many others. By default, an App user

could direct message any other user.

7
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 8 of 25 PageID #:1

25. Because the App had virtually all privacy features disabled by default, there

were serious ramifications, including reports of adults trying to contact minor children via the

App.

26. These reports exposed the dangerous potential of the App, which allowed adults

posing as children to send inappropriate messages to minor children using the App.

27. Indeed, the dark underbelly of the App had become so prevalent that one news

source even called it a “hunting ground” for pedophiles3 and pointed out that schools were

forced to warn parents directly about the hidden dangers of using the App.

28. Another article, entitled “Do Your Kids Like Musical.ly? So Do Traffickers and

Pedophiles4” details how one vigilant parent discovered that the App she downloaded onto her

own phone for her daughter’s use had a video chat feature enabled, allowing an adult man to

attempt to video chat with her minor daughter. She then realized that this same man had been

messaging her daughter and commenting on and liking her daughter’s videos for weeks

29. Yet another article5 recounts the story of disturbing messages sent to a seven-

year old girl through the App. These messages were from a Musical.ly user posing as a nine-

year old girl, asking the young girl to send naked pictures of herself but not to tell anyone.

30. Even worse, until October 2016, the App had a feature where a user could tap

on the “my city” tab which provided the user with a list of other users within a 50-mile radius,

and with whom the user could connect and interact with by following the user or sending direct

messages.

3
https://www.irishmirror.ie/news/paedophiles-hunting-children-through-tiktok-14042405
4
https://www.king5.com/article/news/local/do-your-kids-like-musically-so-do-traffickers-and-
pedophiles/281-537925828
5
https://www.usmagazine.com/celebrity-news/news/dad-shares-gross-messages-sent-to-young- daughter-
on-musically-w498946/

8
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 9 of 25 PageID #:1

31. A significant percentage of Musical.ly App. users were children under 13, and

numerous press articles between 2016 and 2018 highlight the popularity of the App among

‘tweens’ and younger children.

32. What’s more, Defendants were aware that children were using the App. As of

at least October 2016, Defendants, via their website, offered limited guidance to parents

advising them to monitor their children’s use of the App. However, Defendant’s limited

guidance was mere ‘window dressing’.

33. Defendants received thousands of complaints from parents that their minor

children had created a Musical.ly App account without their knowledge. For example, in the

two-week period between September 15, 2016 and September 30, 2016, Defendants received

more than 300 complaints from parents asking to have their child’s account closed.

34. In December 2016, a third party alleged in an interview with the co-founder of

Defendants that seven users whose accounts were among the most popular in terms of

followers appeared to be children under 13. Shortly thereafter, Defendants then reviewed their

most popular users and determined an additional 39 appeared to be under the age of 13. In

February 2017, Defendants sent messages to these 46 users’ email addresses telling users under

13 to edit their profile description to indicate that their accounts were being run by a parent or

adult talent manager. Defendants, however, did not take any steps to ensure that the person

who was responding to the request was a parent and not the child user.

35. Defendants operated their App in a reckless and unlawful manner for

commercial gain. On information and belief, Defendants surreptitiously tracked, collected,

and disclosed the personally identifiable information and/or viewing data—such as the lip

synching videos—of minor children, and then sold that data to third-party advertisers so they

9
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 10 of 25 PageID #:1

could, in turn, market their products and services on Defendants’ App through the purchase of

advertising space.

36. The App has been so lucrative that in December of 2017, Defendant ByteDance

paid $1 billion to acquire it. 6 In August of 2018, the Musical.ly App was merged with the

TikTok app under the TikTok name. The Defendants operate the merged TikTok app.

37. In their quest for profits, however, Defendants failed to safeguard minor

children’s personally identifiable information and/or viewing data and ensure that the sale

and/or transfer of said data to third-parties’ was lawful.

Defendants’ App Was Directed to Children

38. COPPA defines “children” as individuals under the age of 13. See 16 C.F.R. § 312.2. An app

is directed to children if the “subject matter, visual content, use of animated characters or child -

oriented activities and incentives, music or other audio content, age of models, presence of

child celebrities or celebrities who appeal to children, language or other characteristics of the

Web site or online service, as well as whether advertising promoting or appearing on the Web

site or online service is directed to children.” See 16 C.F.R. § 312.2.

39. As alleged herein, the Musical.ly App was directed to children under the age 13.

For example, seven users whose accounts were among the most popular in terms of followers

appeared to be children under 13. Shortly thereafter, Defendants then reviewed their most

popular users and determined an additional 39 appeared to be under 13.

40. What’s more, the App offered ‘song folders’ from which users could select

songs for making their videos. At various times material to this Complaint, the App included

6
https://www.cnbc.com/2017/11/10/musical-ly-app-sells-for-1-billion.html (last accessed November 22,
2019).

10
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 11 of 25 PageID #:1

song folders appealing to children, such as “Disney” and “school.” The Disney folder included

songs related to Disney children movies such as the Lion King and Toy Story.

41. Similarly, the App promoted many musicians and entertainers popular with

‘tweens, such as Katy Perry, Selena Gomez, Ariana Grande, Meghan Trainor, among many

others—all who owned Musical.ly App accounts. These artists often encouraged their fan

base, made up primarily of children and ‘tweens, to post and share videos of themselves

dancing or lip-syncing to their new releases.

42. Moreover, the App deployed tools that made it easy for children to create and

upload videos. The App further allowed users to send other users colorful emojis such as cute

animals and smiley faces.

43. Because of these kid-friendly features and/or marketing efforts, a large

percentage of App users were under the age of 13. Indeed, many users self-identified as under

the age of 13 in their profile bios.

44. For the reasons discussed herein, Defendants had actual knowledge they were

collecting personally identifiable information and/or viewing data from children. The youth of

the user base is easily apparent in perusing users’ profile pictures and in reviewing users’

profiles, many of which explicitly noted the child’s age, birthdate, or school.

45. Moreover, since at least 2014, Defendants received thousands of complaints

from parents of children under the age of 13 who were registered users of Defendants’ online

service. In just a two-week period in September 2016, Defendants received over 300

complaints from parents asking that their child’s account be deleted.

46. Finally, the App contains child-oriented “subject matter, visual content, use of

animated characters or child-oriented activities and incentives, music or other audio content,

11
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 12 of 25 PageID #:1

age of models, presence of child celebrities or celebrities who appeal to children, language or

other characteristics of the Web site or online service, as well as whether advertising promoting

or appearing on the Web site or online service is directed to children.” 16 C.F.R. § 312.2.

Defendants Are Operators under COPPA

47. Each Defendant is an “operator” pursuant to COPPA. Specifically, COPPA

defines an “operator,” in pertinent part, as:

any person who operates a Web site located on the Internet or an online service and
who collects or maintains personally identifiable information from or about the users
of or visitors to such Web site or online service, or on whose behalf such information
is collected or maintained, or offers products or services for sale through that Web site
or online service, where such Web site or online service is operated for commercial
purposes involving commerce among the several States or with 1 or more foreign
nations; in any territory of the United States or in the District of Columbia, or between
any such territory and another such territory or any State or foreign nation; or between
the District of Columbia and any State, territory, or foreign nation.

16 C.F.R. § 312.2.

48. Defendants operated the App entirely online. Indeed, without a connection to

the internet, Plaintiffs could not have downloaded and used the App.

Defendants Engaged in the Foregoing Acts

Without Obtaining Verifiable Parental Consent

49. Defendants collected, used, or disclosed the personally identifiable information

and/or viewing data of Plaintiffs’ and class members’ without notifying their parents and/or

guardians. Defendants never obtained verifiable parental consent to collect, use, or disclose

children’s personally identifiable information and/or viewing data.

50. Plaintiffs never knew that Defendants collected, disclosed, or used their

personally identifiable information and/or viewing data because Defendants at all times failed

to provide Plaintiffs’ parents/guardians any of the required disclosures, never sought verifiable

12
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 13 of 25 PageID #:1

parental consent, and never provided a mechanism by which the Plaintiffs’ parents/guardians

could provide verifiable consent.

51. Defendants unlawful collection of Plaintiffs’ and class members’ personally

identifiable information and/or viewing data for commercial gain exposed them to pedophiles

and other predators online.

The FTC Files a Complaint Against Defendants and

Levies the Largest Fine Ever Under COPPA

52. In February of 2019, the Federal Trade Commission filed a complaint against

Defendants for violations of COPPA in connection with the conduct alleged herein.

53. Subsequent to the filing of the FTC complaint, Defendants agreed to pay $5.7

million to settle the allegations that the company illegally collected personally identifiable

information from children in violation of COPPA.

54. At the time, the ‘Musical.ly settlement’ was the largest civil penalty ever

obtained by the FTC in a children’s privacy case.

55. In addition to the monetary penalty, the settlement also requires Defendants to

comply with COPPA going forward and to take offline all videos made by children un der the

age of 13.

56. The February 27, 2019 Joint Statement of Commissioner Rohit Chopra and

Commissioner Rebecca Kelly Slaughter calls the FTC complaint and settlement a “major

milestone” for COPPA enforcement and a “big win in the fight to protect childre n’s privacy.”

57. Still, Defendants have not made whole the millions of consumers harmed by

their unlawful conduct. Accordingly, Plaintiffs bring this class action for relief.

13
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 14 of 25 PageID #:1

Fraudulent Concealment and Tolling

58. The applicable statutes of limitations are tolled by virtue of Defendants’

knowing and active concealment of the facts alleged above. Plaintiffs and class members were

ignorant of the information essential to the pursuit of these claims, without any fault or lack of

diligence on their own part.

59. Defendants were under a duty to disclose the true character, quality, and nature

of their activities to Plaintiffs and the class members. Defendants are therefore estopped from

relying on any statute of limitations.

60. Defendants’ fraudulent concealment is common to the Classes.

CLASS ACTION ALLEGATIONS

61. Pursuant to Federal Rule of Civil Procedure 23, Plaintiffs seek certification of a

Class defined as follows:

The National Class: All persons residing in the United States who registered for or
used the Musical.ly and/or TikTok software application prior to the Effective Date
when under the age of 13 and their parents and/or legal guardians.

57. Plaintiffs also seek certification of the following State subclasses

The California Subclass: All persons residing in the State of California who registered
for or used the Musical.ly and/or TikTok software application prior to the Effective
Date when under the age of 13 and their parents and/or legal guardians.

The Illinois Subclass: All persons residing in the State of Illinois who registered for
or used the Musical.ly and/or TikTok software application prior to the Effective Date
when under the age of 13 and their parents and/or legal guardians.

62. Plaintiffs reserve the right to modify or refine the Class definitions based upon

discovery of new information and in order to accommodate any of the Court’s manageability

concerns.

14
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 15 of 25 PageID #:1

63. Excluded from the Classes are: (a) any Judge or Magistrate Judge presiding over

this action and members of their staff, as well as members of their families; (b) Defendants,

Defendants’ predecessors, parents, successors, heirs, assigns, subsidiaries, and any entity in

which any Defendants or their parents have a controlling interest, as well as D efendants’

current or former employees, agents, officers, and directors; (c) persons who properly execute

and file a timely request for exclusion from the Classes; (d) persons whose claims in this matter

have been finally adjudicated on the merits or otherwise released; (e) counsel for Plaintiffs and

Defendants; and (f) the legal representatives, successors, and assigns of any such excluded

persons.

The Classes Satisfy the Rule 23 Requirements

64. Ascertainability. The proposed Classes are readily ascertainable because they

are defined using objective criteria so as to allow class members to determine if they are part

of the Classes.

65. Numerosity (Rule 23(a)(1)). The Classes are so numerous that joinder of

individual members herein is impracticable. The exact number of Class members, as herein

identified and described, is approximately 6 million individuals.

66. Commonality. (Rule 23(a)(2)). Common questions of fact and law exist for each

cause of action and predominate over questions affecting only individual Class members,

including the following:

a) Whether Defendants engaged in the activities referenced in the above

paragraphs;

b) Whether Defendants provided disclosure of all the activities referenced in the

above paragraphs on the App, as required by COPPA;

c) Whether Defendants directly notified parents of any of the activities referenced

in the above paragraphs;

15
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 16 of 25 PageID #:1

d) Whether Defendants sought verifiable parental consent prior to engaging in any

of the activities referenced in the above paragraphs;

e) Whether Defendants provided a process or mechanism for parents to provide

verifiable parental consent prior to engaging in any of the activities reference d
in the above paragraphs;

f) Whether Defendants received verifiable parental consent prior to engaging in

any of the activities referenced in the above paragraphs;

g) Whether Defendants’ acts and practices complained of herein violate the Video
Privacy Protection Act;

h) Whether Defendants’ acts and practices complained of herein amount to acts of

intrusion upon seclusion;

i) Whether Defendants’ conduct violated the State consumer protection and

privacy laws invoked herein;

j) Whether California has a significant contact to the claims of each class member
to apply California law to all members of the Nationwide Class; and

k) Whether members of the Classes have sustained damages, and, if so, in what
amount.

67. Typicality. (Rule 23(a)(3)). Plaintiffs’ claims are typical of the claims of

members of the proposed Classes because, among other things, Plaintiffs and members of the

Classes sustained similar injuries as a result of Defendants’ uniform wrongful conduct and

their legal claims all arise from the same events and wrongful conduct by Defendants.

68. Adequacy. (Rule 23(a)(4)). Plaintiffs will fairly and adequately protect the

interests of the proposed Classes. Plaintiffs’ interests do not conflict with the interests of the

Class members and Plaintiffs have retained counsel experienced in complex class action and

data privacy litigation to prosecute this case on behalf of the Classes.

69. Predominance & Superiority (Rule 23(b)(3)). In addition to satisfying the

prerequisites of Rule 23(a), Plaintiffs satisfy the requirements for maintaining a class action

16
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 17 of 25 PageID #:1

under Rule 23(b)(3). Common questions of law and fact predominate over any questions

affecting only individual Class members, and a class action is superior to individual litigation

and all other available methods for the fair and efficient adjudication of this controversy. The

amount of damages available to individual plaintiffs is insufficient to make litigation

addressing Defendants’ conduct economically feasible in the absence of the class action

procedure. Individualized litigation also presents a potential for inconsistent or contradictory

judgments, and increases the delay and expense presented by the complex legal and factu al

issues of the case to all parties and the court system. By contrast, the class action device

presents far fewer management difficulties and provides the benefits of a single adjudication,

economy of scale, and comprehensive supervision by a single court.

CAUSES OF ACTION

COUNT I

Violation of the Video Privacy Protection Act, 18 U.S.C. § 2710

(Brought on Behalf of Plaintiffs and the National Class)

70. Plaintiffs repeat and re-allege each and every factual allegation contained in all previous

paragraphs as if fully set forth herein.

71. Defendants are a video tape service provider subject to 18 U.S.C. § 2710(a)(4)

of the Video Privacy Protection Act (“VPPA”). Defendants are “engaged in the business, in

or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video

cassette tapes or similar audio-visual materials” by delivering videos to consumers through the

App.

72. As users of the App, Plaintiffs and members of the Class are consumers within

the definition of 18 U.S.C. § 2710(a)(1) of the VPPA.

17
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 18 of 25 PageID #:1

73. Defendants collected consumers’ personally identifiable information (“PII”)

within 18 U.S.C. § 2710(a)(3).

74. Defendants have disclosed PII to third-parties, including data brokers and

advertisers, to generate revenue and profit.

75. Defendants failed to solicit and/or obtain consent from Plaintiffs and the Class

members to collect and disclose their PII, nor did Defendants provide clear and conspicuous

notice of the disclosure of PII, as defined in 18 U.S.C. § 2710 (b)(2)(B).

76. The knowing disclosure and transmission of PII violates the VPPA within the

meaning of 18 U.S.C § 2710(b)(1).

77. Accordingly, Plaintiffs and members of the Class are entitled under 18 U.S.C. §

2710(c)(2) to an award of damages (actual, liquidated, or punitive), reasonable attorneys’ fees,

other litigation costs reasonably incurred, and such relief as the Court deems appropriate.

COUNT II

Intrusion Upon Seclusion

(Brought on Behalf of Plaintiffs and the National Class)

78. Plaintiffs repeat and re-allege each and every allegation contained in previous paragraphs 1

through 69 as if fully set forth herein.

79. Plaintiffs and Class members have reasonable expectations of privacy in their

mobile devices and their online behavior, generally. Plaintiffs’ and Class members’ private

affairs include their behavior on their mobile devices as well as any other behavior that may

be monitored by the surreptitious collection and tracking of Plaintiffs’ personally identifiable

information and/or viewing data employed or otherwise enabled by the App.

80. The reasonableness of such expectations of privacy is supported by Defendants’

unique position to monitor Plaintiffs’ and Class Members’ behavior through their access to

18
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 19 of 25 PageID #:1

Plaintiffs’ and Class members’ private mobile devices. It is further supported by the

surreptitious, highly-technical, and non-intuitive nature of Defendants’ tracking.

81. Defendants intentionally intruded on and into Plaintiffs’ and Class members’

solitude, seclusion, or private affairs by intentionally designing the App to surreptitiously

obtain, improperly gain knowledge of, review, and/or retain Plaintiffs’ and Class members’

activities through the technologies and activities described herein.

82. These intrusions are highly offensive to a reasonable person. This is evidenced

by, inter alia, the legislation enacted by Congress, rules promulgated and enforcement actions

undertaken by the FTC, the complaint filed against Defendants by the FTC, and countless

studies, op-eds, and articles decrying the online tracking of children. Further, the extent of the

intrusion cannot be fully known, as the nature of privacy invasion involves sharing Plaintiffs’

and Class members’ personally identifiable information and/or viewing data with potentially

countless third-parties, known and unknown, for undisclosed and potentially unknowable

purposes, in perpetuity. Also supporting the highly offensive nature of Defendants’ conduct

is the fact that Defendants’ principal goal was to surreptitiously monitor Plaintiffs and Class

members in one of the most private spaces available to an individual in modern life and to

allow third-parties to do the same.

83. Plaintiffs and Class members were harmed by the intrusion into their private

affairs as detailed throughout this Complaint.

84. Defendants’ actions and conduct complained of herein were a substantial factor

in causing the harm suffered by Plaintiffs and Class members.

85. As a result of Defendants’ actions, Plaintiffs and Class members seek nominal

and punitive damages in an amount to be determined at trial. Plaintiffs and Class members

19
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 20 of 25 PageID #:1

seek punitive damages because Defendants’ actions—which were malicious, oppressive,

willful—were calculated to injure Plaintiffs and made in conscious disregard of Plaintiffs’

rights. Punitive damages are warranted to deter Defendants from engaging in future

misconduct.

COUNT III

Violation of the California Constitutional Right to Privacy

(Brought on Behalf of Plaintiffs, the National Class and the California Subclass)

86. Plaintiffs individually and on behalf of the National Class and the California

Subclass repeat and re-allege each and every allegation contained in previous paragraphs 1

through 69 as if fully set forth herein.

87. This Court may apply California law extraterritorially to the National Class

since the App’s user agreement contained a choice of law provision which elected California

law as the “choice of law.”

88. Plaintiffs and Class members have reasonable expectations of privacy in their

mobile devices and their online behavior, generally.

89. The reasonableness of such expectations of privacy is supported by Defendants’

unique position to monitor Plaintiffs’ and Class Members’ behavior through their access to

Plaintiffs’ and Class members’ private mobile devices. It is further supported by the

surreptitious, highly-technical, and non-intuitive nature of Defendants’ tracking.

90. Defendants intentionally intruded on and into Plaintiffs’ and Class members’

solitude, seclusion, or private affairs by intentionally designing the App to surreptitiously

obtain, improperly gain knowledge of, review, and/or retain Plaintiffs’ and Class members’

activities through the technologies and activities described herein.

20
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 21 of 25 PageID #:1

91. These intrusions are highly offensive to a reasonable person. This is evidenced

by, inter alia, the legislation enacted by Congress, rules promulgated and enforcement actions

undertaken by the FTC, the complaint filed against Defendants by the FTC, and countless

studies, op-eds, and articles decrying the online tracking of children. Further, the extent of the

intrusion cannot be fully known, as the nature of privacy invasion involves sharing Plaintiffs’

and California Subclass members’ personally identifiable information and/or viewing data

with potentially countless third-parties, known and unknown, for undisclosed and potentially

unknowable purposes, in perpetuity. Also supporting the highly offensive nature of

Defendants’ conduct is the fact that Defendants’ principal goal was to surreptitiously monitor

Plaintiffs and Class members in one of the most private spaces available to an individual in

modern life-and to allow third-parties to do the same.

92. Plaintiffs and Class members were harmed by the intrusion into their private

affairs as detailed throughout this Complaint.

93. Defendants’ actions and conduct complained of herein were a substantial factor

in causing the harm suffered by Plaintiffs and Class members.

94. As a result of Defendants’ actions, Plaintiffs and Class members seek nominal

and punitive damages in an amount to be determined at trial. Plaintiffs and Class members

seek punitive damages because Defendants’ actions—which were malicious, oppressive,

willful—were calculated to injure Plaintiffs and made in conscious disregard of Plaintiff s’

rights. Punitive damages are warranted to deter Defendants from engaging in future

misconduct.

21
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 22 of 25 PageID #:1

COUNT IV

Violation of the California Consumers Legal Remedies Act

(Brought on Behalf of Plaintiffs, the National Class and the California Subclass)

95. Plaintiffs individually and on behalf of the National Class and the California

Subclass repeat and re-allege each and every allegation contained in previous paragraphs 1

through 69 as if fully set forth herein.

96. This Court may apply California law extraterritorially to the National Class

since the App’s user agreement contained a choice of law provision which elected California

law as the “choice of law.”

97. Defendants are “persons” as defined by Cal. Civ. Code § 1761(c).

98. Defendants’ products and services are “goods” and “services” as defined by Cal.

Civ. Code § 1761(a) and (b).

99. Defendants advertised, offered, or sold goods or services in California and

engaged in trade or commerce directly or indirectly affecting the people of C alifornia and the

rest of the United States.

100. Defendants’ engaged in acts of deception and other policies, acts, and practices

that were designed to, and did, induce the use of Defendants’ good and services for personal,

family, or household purposes by Plaintiffs and Class Members, and violated and continue to

violate various sections of the CLRA including, but not limited to, the following :

a. § 1770(a)(2): Misrepresenting the source, sponsorship, approval, or certification

of goods or services; and

b. § 1770(a)(7): Representing that goods or services are of a particular standard,

quality, or grade, or that goods are of a particular style or model, if they are of
another.

22
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 23 of 25 PageID #:1

101. Defendants’ wrongful business practices constituted a course of conduct in

violation of the CLRA.

102. As a direct and proximate result of Defendants’ violations of the CLRA,

Plaintiffs and each Class member have suffered harm.

103. Pursuant to Cal. Civ. Code § 1780(a) and (b), Plaintiffs, individually and on

behalf of the Classes, seek damages and all other appropriate remedies for Defendants’

violations of the CLRA.

COUNT V

Violation of the Illinois Consumer Fraud and Deceptive Business Practices Act
(Brought on Behalf of Plaintiff T.K. and the Illinois Subclass)

104. Plaintiff T.K. individually and on behalf of the Illinois Subclass, repeats and re-alleges

previously alleged paragraphs 1 through 69, as if fully alleged herein.

105. Defendants are “persons” as defined by 815 Ill. Comp. Stat. § 510/1(5).

106. Defendants engaged in deceptive trade practices in the conduct of their business,

in violation of 815 Ill. Comp. Stat. § 510/2(a), by, among other things, failing to obtain consent

from parents and/or guardians before collecting and/or using personally identifiable

information and/or viewing data from Plaintiffs and class members, and by failing to delete

said data collected from class members upon the request of their respective parents and/or

guardians.

107. Defendants’ representations and omissions were material because they were

likely to deceive reasonable consumers.

108. The above unfair and deceptive practices and acts by Defendants were immoral,

unethical, oppressive, and unscrupulous. These acts caused substantial injury to Plaintiff T.K.

23
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 24 of 25 PageID #:1

and Illinois Subclass members that they could not reasonably avoid; this substantial injury

outweighed any benefits to consumers or to competition.

109. As a result of Defendants’ deceptive acts and practices, Plaintiff T.K. and

Illinois Subclass members were injured and damaged in that they suffered a loss of privacy

and autonomy through Defendants’ acquisition and use of their personally identifiable

information and/or viewing data, for Defendants’ own benefit, without parental knowledge or

verifiable consent.

110. Plaintiff T.K. and Illinois Subclass members seek all monetary relief allowed

by law, including reasonable attorney’s fees.

PRAYER FOR RELIEF

WHEREFORE, Plaintiffs, individually and on behalf of all others similarly situated,

respectfully request that this Court:

A. Certify this case as a class action, appoint Plaintiffs as Class and Subclass
representatives, and appoint Plaintiffs’ counsel to represent the Classes;

B. Find that Defendants’ actions, as described herein, constitute (i) a violation

of the Video Privacy Protection Act; (ii) intrusion upon seclusion; (iii) a
violation of the right to privacy under California Constitution, Article I,
Section 1; (iv) a violation of the California Consumers Legal Remedies Act;
and (v) a violation of the Illinois Consumer Fraud and Deceptive Business
Practices Act;

C. Award Plaintiffs and Class and Subclass members appropriate relief,

including actual and statutory damages and punitive damages, in an amount
to be determined at trial;

D. Award equitable, injunctive, and declaratory relief as may be appropriate;

E. Award all costs, including experts’ fees, attorneys’ fees, and the costs of
prosecuting this action; and

F. Grant such other legal and equitable relief as the Court may deem
appropriate.

24
 Case: 1:19-cv-07915 Document #: 1 Filed: 12/03/19 Page 25 of 25 PageID #:1

DEMAND FOR JURY TRIAL

Plaintiffs demand a trial by jury of all claims in this Complaint so triable. Plaintiffs also

respectfully request leave to amend this Complaint to conform to the evidence, if such amendment

is needed for trial.

Dated: December 3, 2019 Respectfully submitted,

/s/ Gary M. Klinger

KOZONIS & KLINGER, LTD.

Gary M. Klinger (IL Bar No. 6303726)
227 W. Monroe Street, Suite 2100
Chicago, Illinois 60630
Phone: 312.283.3814
Fax: 773.496.8617
[email protected]

WHITFIELD BRYSON & MASON LLP

Gary E. Mason (pro hac vice forthcoming)
5101 Wisconsin Ave., NW, Ste. 305
Washington, DC 20016
Phone: 202.640.1160
Fax: 202.429.2294
[email protected]

Attorneys for Plaintiffs

the Proposed Classes

25