TikTok, the popular video sharing platform, has been slapped with a €345 million ($379 million) fine by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR) of the European Union. The DPC’s decision comes after TikTok was found to have failed to protect children’s data in accordance with GDPR rules.
Key Takeaway
TikTok has been fined €345 million by the Irish Data Protection Commission for violating the General Data Protection Regulation. The platform failed to properly protect children’s data, enabling public accounts and unrestricted access to social media content, raising concerns about data privacy and safety.
GDPR Breaches and Penalties
The DPC identified eight breaches of GDPR by TikTok, including violations of data processing lawfulness, fairness, transparency, and security. It found that TikTok did not implement appropriate technical and organizational measures, failing to consider risks to users under the age of 13. The platform’s default account settings allowed anyone, both on and off TikTok, to view the social media content posted by child users.
TikTok’s account settings at the time enabled child users to have public accounts by default, with comments and features like “Duet” and “Stitch” also enabled automatically. Additionally, the platform’s “Family Pairing” feature allowed non-verified users to pair their accounts with those of children above the age of 16, making the feature less restrictive for the child users.
The Irish DPC issued a fine of €345 million and ordered TikTok to bring its data processing practices into compliance within three months.
TikTok’s Response and Future Steps
TikTok expressed disagreement with the decision, particularly the magnitude of the fine imposed. The platform argued that the criticisms by the DPC were focused on features and settings that had been changed well before the investigation began. It also emphasized that it had already set all accounts of users under the age of 16 to private by default.
TikTok is considering its next steps, including the possibility of filing a legal appeal in Ireland.
Importance of Children’s Data Protection
This fine adds to the growing list of penalties imposed on tech giants for mishandling children’s data. Earlier this year, the UK’s Information Commissioner’s Office fined TikTok approximately $15.7 million for failing to prevent over 1.4 million underage users from accessing its platform. Instagram, owned by Meta, was hit with a €405 million fine in 2022 for similar data protection violations for children.
The fine serves as a reminder to tech companies of the importance of safeguarding children’s data and complying with data protection regulations. With data exports also under investigation, TikTok faces ongoing scrutiny and potential further penalties if it fails to rectify its GDPR compliance. Regulators continue to prioritize child protection concerns, and these fines aim to ensure greater accountability in data handling practices.