Regulators in Ireland imposed a hefty €345 million (£296 million) penalty on TikTok for breaching the privacy of minors
The grievance revolved around the manner in which the social networking platform managed the data of minors in the year 2020, with a particular focus on age authentication procedures and privacy configurations.
This constitutes TikTok’s most substantial penalty to date, as determined by regulatory authorities.
A representative for the social media corporation expressed their respectful disagreement with the ruling, particularly with regards to the magnitude of the imposed fine.
“The critiques primarily target functionalities and configurations that were established three years ago, ones we had already modified well before the inquiry’s commencement, such as the automatic default setting of all accounts for users under the age of 16 to private,” they emphasized.
Ireland’s Data Protection Commission (DPC) imposed the penalty under the European Union’s General Data Protection Regulation (GDPR), a privacy law that outlines stringent guidelines for companies handling data.
GDPR lays out specific regulations governing data handling practices for corporations.
The DPC determined that TikTok had not been sufficiently transparent with minors regarding its privacy settings, casting doubts on the manner in which their data was being handled.
Data Protection Commissioner Helen Dixon informed BBC News that the investigation had revealed accounts belonging to individuals aged 13 to 17 were automatically made public upon registration, allowing their content to be visible to anyone.
“Such circumstances squarely fall under TikTok’s responsibility due to their platform’s design, and we assert that this violated the GDPR’s data protection by design and default prerequisites,” Ms. Dixon stated.
The company has been granted a three-month period to ensure full GDPR compliance in its data processing.
Professor Sonia Livingstone, an expert in children’s digital rights and experiences at the London School of Economics and Political Science, commended the DPC’s decision.
“Children aspire to engage in the digital realm without being subjected to exploitation or manipulation. This necessitates platforms disclosing how they manage user data and, most importantly, treating that data equitably, as privacy represents a fundamental right for children,” she remarked.
An ongoing investigation is underway to determine whether TikTok has engaged in illicit data transfers from the EU to China. TikTok is owned by the Beijing-based company ByteDance.”
Penalties from European authorities
In contrast to the substantial hundreds of millions fine, which, in recent months, stands as a smaller penalty compared to Meta’s staggering €1.2 billion (£1 billion) fine imposed by regulators in May due to mishandling data transfers between Europe and the United States.
Nonetheless, it significantly surpasses the £12.7 million fine imposed on TikTok by the UK data watchdog in April for allowing children under 13 to use the platform in 2020.
The fine issued by the DPC pertains specifically to the year 2020, prompting TikTok to undertake numerous measures in the subsequent years to enhance compliance.
These actions included becoming one of the inaugural social media platforms to default to private accounts for 13 to 15-year-olds in January 2021.
Additionally, this month, TikTok plans to introduce a change that will automatically set all accounts for 16 and 17-year-olds to private by default.
