TikTok has been fined $368 million by European regulators for violating children’s privacy, marking the first time the popular short video-sharing app has faced penalties for breaching Europe’s stringent data privacy regulations.
The fine, imposed by Ireland’s Data Protection Commission, the primary privacy regulator for major tech firms with European headquarters in Dublin, amounts to 345 million euros. TikTok has also been reprimanded for the privacy breaches, which occurred during the second half of 2020.
The investigation found that the sign-up process for teenage users resulted in default settings that made their accounts public, allowing anyone to view and comment on their videos. These settings also posed risks to children under 13 who accessed the platform, despite being prohibited.
Furthermore, a “family pairing” feature intended for parents to manage settings was not stringent enough, allowing adults to enable direct messaging for users aged 16 and 17 without their consent. It also pushed teenage users into more privacy-invasive options when signing up and posting videos.
TikTok expressed its disagreement with the decision, particularly the level of the fine. The company noted that most of the criticisms raised by the regulator pertained to features and settings from three years ago. TikTok stated that it had implemented changes well before the investigation began in September 2021, including setting all accounts for users under 16 to private by default and disabling direct messaging for 13- to 15-year-olds.
Elaine Fox, TikTok’s head of privacy for Europe, wrote in a blog post, “Most of the decision’s criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began.”
The Irish regulator has faced criticism for the pace of its investigations into Big Tech companies since the implementation of EU privacy laws in 2018. TikTok’s case was further delayed as German and Italian regulators disagreed with parts of a draft decision issued a year ago.
To prevent future bottlenecks, the European Union’s Brussels headquarters has been tasked with enforcing new regulations aimed at fostering digital competition and cleaning up social media content. These rules are designed to maintain the EU’s position as a global leader in tech regulation.
The Irish watchdog also examined TikTok’s methods for verifying users’ ages, finding no rule violations in this regard.
The regulator is still conducting a second investigation to determine whether TikTok complied with the EU’s General Data Protection Regulation when transferring users’ personal information to China, where its parent company, ByteDance, is headquartered.
TikTok has faced concerns about potential security risks and the possibility of sensitive user data ending up in China. To address these concerns, the company has initiated a project to localize European user data, including the recent opening of a data center in Dublin, the first of three planned on the continent.
Instagram, WhatsApp, and their parent company Meta have also faced substantial fines from the Irish regulator over the past year.
You can also read: Alien Corpses Have Been Revealed To Congress