FTC Issues Compliance Letters to 12 Major Tech Platforms Over Take‑It‑Down Act Violations
What Happened – The Federal Trade Commission sent formal warning letters to twelve leading technology companies—including Alphabet, Amazon, Apple, Meta, Microsoft, TikTok and others—asserting they are out of compliance with the Take It Down Act (TIDA). The law, effective May 2025, obligates platforms to provide a simple victim‑initiated removal process for non‑consensual intimate images and to delete such content within 48 hours.
Why It Matters for TPRM –
- Non‑compliance can trigger statutory fines of up to $53,088 per violation, creating direct financial exposure for your vendors.
- Persistent hosting of intimate images heightens reputational risk and may lead to downstream litigation from affected users.
- Regulators are now actively monitoring enforcement; vendors lacking documented TIDA‑compliant processes may fall short of contractual security clauses.
Who Is Affected – Social‑media platforms, photo‑sharing services, and any online marketplace that hosts user‑generated visual content (technology SaaS, cloud‑hosted services).
Recommended Actions –
- Review all third‑party contracts for clauses requiring compliance with TIDA or equivalent privacy‑remediation standards.
- Verify that vendors have implemented a 48‑hour removal workflow, unique request identifiers, and clear homepage notices.
- Confirm the use of perceptual‑hashing or similar deduplication technology and that hash‑sharing agreements exist with NCMEC (for minors) and StopNCII.org (for adults).
- Request evidence of compliance audits or certifications and incorporate monitoring checkpoints into your vendor risk program.
Technical Notes – TIDA mandates a victim‑initiated “request‑to‑remove” UI, a 48‑hour deletion window, hash‑based duplicate detection, and mandatory hash sharing with designated NGOs. Failure to meet these requirements constitutes a violation. Source: The Record