The European Union, through its lead regulator, has imposed a fine of 345 million euros ($368m) on the popular social media platform TikTok. This penalty is for violations related to the processing of children’s personal data, marking the first such punitive action against the platform for breaching Europe’s stringent data privacy regulations.
TikTok, a Chinese-owned short-video platform that has gained immense popularity, especially among teenagers globally, was found to have violated several EU privacy laws during the period from July 31, 2020, to December 31, 2020. The Ireland Data Protection Commissioner (DPC), serving as the principal privacy regulator for major technology companies with European headquarters in Dublin, issued the statement announcing the fine.
The DPC’s investigation identified multiple breaches by TikTok. Notably, it found that the sign-up process for teenage users automatically set their accounts to public, allowing unrestricted viewing and commenting on their videos. This setting presented risks to children under 13 who accessed the platform, despite being underage for its use.
Fhe investigation revealed inadequacies in TikTok’s “family pairing” feature, which is intended to enable parental control over settings. The feature failed to prevent adults from activating direct messaging for users aged 16 and 17 without their consent. The probe also noted that TikTok nudged teenage users towards options that compromised their privacy when signing up and posting videos.
Responding to the decision, a TikTok spokesperson expressed disagreement, particularly over the magnitude of the fine, and highlighted that many of the issues raised were addressed through measures implemented at the start of 2021 – months before the DPC’s investigation commenced in September 2021.
As part of its response to privacy concerns, TikTok enhanced its parental controls in November 2020 and, in January 2021, changed the default setting for users under 16 to “private.” The platform also announced plans to update its privacy materials to clarify the distinctions between public and private accounts, with a default private account setting for new users aged 16 or 17 from later in the month.
The DPC has given TikTok a three-month timeframe to align all its processing activities with compliance requirements where infringements were identified.
The DPC is conducting a separate investigation to determine TikTok’s compliance with the EU’s General Data Protection Regulation regarding the transfer of user data to China, where ByteDance, TikTok’s parent company, is headquartered.
Amid concerns over data security and the potential transfer of sensitive user information to China, TikTok has initiated a project to localize European user data. This includes the recent opening of a data center in Dublin, the first of three planned in Europe. Other tech giants, including Instagram, WhatsApp, and their parent company Meta, have also faced significant fines from the Irish regulator in the past year.
Catch the latest supply chain news at The Supply Chain Report. Learn more about international trade at ADAMftd.com with free tools.
#TikTokFine #DataPrivacy #EUPrivacyRegulations #ChildPrivacy #SocialMediaSafety #IrelandDPC #GDPRCompliance #ByteDance #DigitalPrivacy #DataSecurity #ParentalControls #PrivacyProtection #TechRegulation #EuropeanUserData #DublinDataCenter #PrivacyByDesign #DigitalSafety