Ireland’s Data Protection Commissioner (DPC) has imposed a fine of EUR345m (USD370m) on TikTok for violating privacy laws related to the processing of children’s personal data in the European Union (EU), as reported by Reuters on September 15. The fine resulted from an investigation that was initiated in September 2021 and examined TikTok’s privacy settings during a period between July 2020 and December 2020. The investigation revealed that in 2020, TikTok had set the accounts for users under the age of 16 to “public” by default, which allowed anyone to view and comment on their videos. In addition, the regulator found that TikTok’s “family pairing” feature was not stringent enough in verifying whether the adult paired with a child’s account was the actual parent or guardian. The DPC has ordered TikTok to rectify its data processing to comply with the EU’s General Data Protection Regulation (GDPR) within three months.
This fine represents the largest penalty TikTok has faced from regulators. Earlier this year, the UK’s privacy regulator, the Information Commissioner’s Office (ICO), imposed a fine of USD15.9m on TikTok for allegedly misusing the data of children under age 13. In response to the DPC punishment, TikTok stated that it “respectfully disagree with the decision,” particularly regarding the level of the fine imposed. The company also asserted that it had made changes to privacy settings well before the investigation began in September 2021, such as setting all users under the age of 16 to private by default. Last September, the DPC also imposed a substantial fine of USD430m on Meta’s [Meta:US] Instagram for failing to protect children’s data.
Sources:
https://www.ft.com/content/3d912090-fc84-4225-be91-62d2b621d6c9