TikTok, a Chinese-owned social media platform, has been fined €345 million (approximately $369 million) by a European Union regulator for breaches related to child data protection.
This penalty marks the conclusion of a two-year investigation conducted by the Data Protection Commission (DPC) in Ireland.
The Irish DPC, responsible for enforcing the EU’s strict General Data Protection Regulations (GDPR), gave TikTok a three-month deadline to bring its data processing practices in line with GDPR regulations.
The DPC’s inquiry, which began in September 2021, focused on TikTok’s compliance with GDPR concerning platform settings and personal data processing for users under the age of 18. While it found no infringement in TikTok’s age verification measures for those under 13, the DPC concluded that the platform did not adequately assess the risks for younger users registering on the service.
The regulator’s ruling highlighted that children signing up for TikTok accounts had their profiles set to public by default, allowing anyone to view or comment on their content. Additionally, the DPC criticized TikTok’s “family pairing” mode, which connects parents’ accounts to those of their teenage children but lacks proper verification of parent or guardian status.
Ireland plays a central role in GDPR enforcement because it hosts the European headquarters of tech giants like TikTok, Google, Meta (formerly Facebook), and X (formerly Twitter). Earlier this year, the DPC imposed a record €1.2 billion fine on Meta for transferring EU user data to the United States, violating a previous court ruling.
TikTok, a division of the Chinese tech giant ByteDance, is immensely popular among young people, boasting 150 million users in the United States and 134 million in the EU.
In response to the fine, TikTok expressed its respectful disagreement with the verdict and mentioned that it is evaluating its next steps. The platform defended itself, stating that the DPC’s criticisms pertained to features and settings in place three years ago, which TikTok had already modified before the investigation began, such as setting all accounts of users under 16 to private by default.
TikTok claimed that it actively monitors users’ ages and takes necessary actions, revealing that it deleted nearly 17 million accounts worldwide in the first quarter of this year due to suspicions of users being under 13. Furthermore, TikTok recently opened a data center in Ireland to address data privacy concerns in Europe.
The GDPR, implemented in 2018, is the EU’s stringent regulation on tech and data privacy, requiring citizens’ consent for the usage of their data. This fine comes after the EU announced new restrictions on digital giants, including Apple, Meta (Facebook), and ByteDance, aimed at regulating their business practices.
