TikTok Faces €345 Million Penalty for Breach of Children's Data Privacy

Irish regulators have imposed a substantial fine of €345 million (£296 million) on TikTok for breaching children's privacy. The complaint centered on TikTok's handling of children's data in 2020, specifically related to age verification and privacy settings. This fine represents the largest penalty ever imposed on TikTok by regulators.

A spokesperson from TikTok expressed their disagreement with the decision, especially the magnitude of the fine. They pointed out that the criticisms primarily focused on features and settings that were in place three years ago and had been modified before the investigation started, including setting all accounts for those under 16 to private by default.

The fine was levied by Ireland's Data Protection Commission (DPC) under the European Union's General Data Protection Regulation (GDPR) privacy law, which outlines the data handling requirements for companies. The DPC found that TikTok had not been sufficiently transparent with children regarding its privacy settings and had raised concerns about how their data was handled. Commissioner Helen Dixon explained that accounts created by individuals aged 13 to 17 were automatically set to public upon registration, allowing their content to be visible to anyone, a situation attributed to TikTok's platform design, which, according to the DPC, violated GDPR's data protection standards.

TikTok has been given a three-month period to bring its data processing procedures fully in line with GDPR requirements. Professor Sonia Livingstone, an expert in children's digital rights and experiences, welcomed the DPC's decision, emphasizing the importance of platforms treating children's data fairly and respecting their privacy rights.

An ongoing investigation is examining whether TikTok unlawfully transferred data from the EU to China, as TikTok is owned by the Chinese company ByteDance.

While the €345 million fine is substantial, it is smaller than some recent penalties, such as the €1.2 billion fine imposed on Meta in May for mishandling data transfers between Europe and the United States. However, it is significantly larger than the £12.7 million fine TikTok received from the UK data watchdog in April for allowing children under 13 to use the platform in 2020. It's worth noting that the DPC's fine specifically pertains to the year 2020, and TikTok has implemented several changes in subsequent years to enhance compliance, including setting accounts for 13 to 15-year-olds to private by default in January 2021 and introducing a default private setting for 16 and 17-year-olds signing up to the platform starting this month.