TikTok, the Chinese-owned short-video platform, has been penalized with a fine of 345 million euros by the Irish Data Protection Commission (DPC) for infringing privacy laws in the European Union, specifically those related to the handling of children’s personal data.
The DPC discovered several instances of TikTok’s non-compliance with EU privacy regulations during the period from July 31, 2020, to December 31, 2020.
One of the key issues was that TikTok had automatically set accounts for users under 16 years old to “public” and failed to authenticate whether a user was genuinely a child’s parent or guardian when connected via the “family pairing” feature.
TikTok Violated EU Privacy Laws, Investigation Finds
The Irish Data Protection Commission (DPC) found TikTok in violation of several privacy laws in the European Union. Here are the key issues identified:
- Default Public Accounts for Underage Users: TikTok had set accounts for users under the age of 16 to “public” by default.
- Lack of Verification for Family Pairing: TikTok did not verify whether a user was actually a child user’s parent or guardian when linked through the “family pairing” feature.
The DPC has ordered TikTok to rectify these issues and bring its data processing into compliance within three months.
DPC Imposes Record Fine on TikTok
The DPC’s fine is the largest ever imposed under the GDPR. It is also the first major fine against TikTok for its handling of children’s data.
The DPC has mandated TikTok to pay the fine and rectify its non-compliant data processing within a three-month timeframe. However, TikTok has contested the decision, asserting that most of the criticisms are outdated due to the corrective measures it implemented prior to the commencement of the DPC’s investigation in September 2021.