EU slaps TikTok with €345,000,000 fine for mishandling children's data

TikTok claims most criticisms are now invalid as a result of measures implemented prior to the investigation

Web Desk
The EU flag and TikTok logo are seen in this illustration taken, on June 2, 2023. — Reuters/File
The EU flag and TikTok logo are seen in this illustration taken, on June 2, 2023. — Reuters/File

The European Union's (EU) top privacy watchdog announced on Friday that the organisation has fined TikTok €345 million ($370 million) for violating the region's laws on the handling of children's personal data.

According to a statement from Ireland's Data Protection Commissioner (DPC), the Chinese-owned short-video sharing platform violated a number of EU privacy laws between July 31, 2020, and December 31, 2020.

This marks the first instance of the DPC, the primary regulator for numerous global tech companies with regional headquarters in Ireland, issuing a warning to ByteDance-owned TikTok, a popular platform among teenagers worldwide.

A representative from TikTok expressed disagreement with the decision, particularly the magnitude of the penalty, and emphasised that most of the criticisms are no longer valid as a result of measures implemented prior to the DPC's investigation in September 2021.

By default, accounts for users under the age of 16 were set to "public" in 2020, the DPC said, and TikTok failed to confirm that a user was indeed a minor user's parent or guardian when linked through the "family pairing" option.

Family pairing now has stricter parental controls thanks to TikTok, which also altered the default option for all logged-in users under the age of 16 to "private" in January 2021.

The differences between public and private accounts will be made clearer in future updates to TikTok's privacy guidelines, the company announced on Friday.

Additionally, new 16- and 17-year-old users will be automatically assigned a private account when they sign up for the app later this month, according to TikTok.

The DPC gave TikTok three months to bring all its processing into compliance where infringements were found, Reuters reported

It is currently looking into whether TikTok's transfer of user data to China conforms with EU data rules when sending that data to nations outside the organisation.

Previously, the DPC stated in March that it was composing a rough draught judgement about that probe, Reuters reported.

General Data Protection Regulation (GDPR), which was implemented by the EU in 2018, allows the lead regulator for any specific company to levy fines up to 4% of the company's global revenue.

The DPC has imposed significant fines on other tech behemoths, including a combined €2.5 billion on Meta. By the end of 2022, it had 22 investigations of international corporations with an Irish basis open.