TikTok is an app that makes it easy for people to make short lip-synching videos, which unsurprisingly makes it a goldmine of creativity and memes. TikTok recently got in hot water with the Federal Trade Commission because it failed to comply with Children’s Online Privacy Protection Act (COPPA). COPPA requires online services that are either “directed at” children under the age of 13 or have knowledge that they have users who are under 13 to arrange for parental permission before they start collecting personal information about those users.

The FTC fined TikTok $5.7 million and ordered it to delete personal information of young users, with the option to transfer copies of the videos back to them. The FTC required TikTok to “destroy” the “personal information” of any account belonging to someone currently 13 or under, or who was under 13 when they joined. In other words, the account, its videos, the fans, everything that had been built up by the users, would be deleted. However, the FTC also gave TikTok the option to give users copies of their videos.

TikTok’s attempt to comply was riddled with problems. Users logging in for the first time after the order were prompted to give their birthdate, but TikTok’s own interface defaulted to putting in the current date while also not making crystal clear to users why it needed that information and what could result. A number of users had trouble getting the date to change, giving the system the impression that they were zero years old and resulting in the deletion of their accounts and losing their videos. Other users—including many older than 13—found everything deleted without ever being asked their age at all.

TikTok responded to these errors by asking users who wished to restore their accounts to submit a government ID proving their age. But not everyone has that kind of ID, especially not teenagers.

Even if this had worked exactly as planned, it would be a disaster. TikTok’s been around for years. Imagine if you’d been making videos there the whole time, steadily building fans, and using a platform the way it was intended. And then, because of TikTok’s mistake, all of that vanished.

Unfortunately, TikTok’s muddled response is not unique. When companies get caught breaking privacy rules, users can suffer twice–first by having their information collected improperly and then by losing access to the service.

We hope online service providers of all stripes learn from TikTok’s mistakes.

Related Issues