Due to TikTok’s handling of children’s data, the Irish Data Protection Commission (DPC) fined the company €345 million (roughly $368 million).
The investigation, which was started in September 2021, looked into how the well-known short-form video platform handled user data pertaining to children (those between the ages of 13 and 17) between July 31 and December 31, 2020.
One or more of the key conclusions is that The default setting for the content posted by young users was public,
making it accessible to anyone (using TikTok or not) and subjecting the users to additional dangers. a failure to inform young users about transparency the use of sneaky techniques to encourage users to choose privacy-invasive options during the registration process and when uploading videos A flaw in the Family Sharing setting allowed any non-child user—someone who could not be confirmed to be a parent or guardian—to pair their account with that of a minor’s, enabling direct messages for children under the age of 16 by the adult user.
The DPC has mandated TikTok to bring its processing systems into compliance within three months, in addition to the monetary fine. “Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner – particularly if that presentation can nudge people into making decisions that violate their privacy interests,” said Anu Talus, EDPB Chair. “Privacy options should be presented in a neutral and objective manner, avoiding any kind of misleading or manipulative language or design.
The business disagreed with the choice and stated in a statement posted on its website that the criticisms were directed at settings and features that existed three years ago and had since been changed by making all accounts for users under 16 private by default. It is immediately apparent whether the business plans to challenge the judgment. The business added that it will launch a modified account registration process, with pre-selected private accounts, for new 16 and 17-year-old users later this month. In the EU, TikTok has about 134 million monthly users.
The French data protection watchdog previously fined TikTok €5 million (roughly $5.4 million) in January 2023 for violating the rules regarding cookie consent and for making the opt-out process more difficult than opting in. The U.K. Information Commissioner’s Office (ICO) then fined it £12.7 million in April 2023 for improperly handling the data of 1.4 million children under 13 who used its platform without parental consent.
Outside of Europe, the ByteDance-owned business also paid a $5.7 million fine in 2019 to resolve claims that it violated the Children’s Online Privacy Protection Act (COPPA) by failing to obtain parental consent from users under the age of 13 before collecting information. The news comes just a few days after the Attorney General of California announced that Google would pay $93 million to settle a privacy lawsuit alleging that the company had collected user location data for consumer profiling and advertising without their knowledge.
