TikTok fined 345 million euros for endangering children's data in Europe

TikTok breached EU privacy laws between July 31, 2020, and December 31, 2020 and faced several warnings during this period

Web Desk

A TikTok logo is displayed on a smartphone in this illustration taken January 6, 2020. —Reuters
A TikTok logo is displayed on a smartphone in this illustration taken January 6, 2020. —Reuters

Chinese-owned short-video platform TikTok was fined 345 million euros ($370 million) for violating privacy laws in Europe, Reuters reported Friday.

The fine was imposed in a case related to the processing of children's personal data within the European Union.

Ireland's Data Protection Commissioner (DPC) imposed the penalty, marking the platform's first reprimand by the DPC.

The breaches of EU privacy laws occurred between July 31, 2020, and December 31, 2020. TikTok faced several criticisms during this period, including the default setting for accounts of users under 16 being set to "public" in 2020. 

Additionally, TikTok failed to verify whether a user claiming to be a child was, indeed, linked to a parent or guardian through the "family pairing" feature.

TikTok took measures to address these concerns by enhancing parental controls for family pairing in November 2020 and changing the default setting for all registered users under 16 to "private" in January 2021.

 Despite these actions, the DPC has imposed a significant fine, citing the breaches that occurred before these measures were implemented.

TikTok responded by expressing its disagreement with the DPC's decision, particularly the magnitude of the fine. The platform stated that many of the criticisms raised by the DPC are no longer applicable, thanks to the measures TikTok introduced prior to the commencement of the DPC's investigation in September 2021.

TikTok has pledged to further update its privacy materials to provide clarity on the distinctions between public and private accounts. 

Starting later this month, the platform will automatically pre-select a private account for new users aged 16-17 during registration.

The DPC has given TikTok a three-month period to bring all of its data processing practices into compliance wherever infringements were identified. 

Additionally, a separate investigation by the DPC is ongoing, focusing on TikTok's transfer of personal data to China and its adherence to EU data regulations when transferring data to non-EU countries. 

The DPC has stated that it was preparing a preliminary draft decision for this investigation in March.

Under the European Union's General Data Protection Regulation (GDPR), which was introduced in 2018, the lead regulator for a company can impose fines of up to 4% of the company's global revenue. 

The DPC has previously imposed substantial fines on other tech giants, including a combined 2.5 billion euros levied on Meta. At the end of 2022, the DPC had 22 inquiries open into multinational companies based in Ireland.