TikTok, the popular Chinese social network, has been fined 345 million euros for violating the privacy of teenagers in Europe. The Irish Data Protection Commission (DPC) found that TikTok did not protect the personal data of teenagers, making their accounts public by default. The commission also found that the application did not take sufficient measures to eliminate the risks that users slightly older than 13 may face.
In September this year, the DCP fined TikTok for allowing minors to access risky content. The review covered a five-month period from July 2020 to December 31, 2020. It found that TikTok's data processing during this period violated the provisions of the General Data Protection Regulation regarding children aged 13 to 17.
The Irish data regulator is responsible for all inspections of TikTok under the General Data Protection Regulation. This is due to the fact that the company currently has a European base in Dublin. However, given that the alleged violations are EU-wide, the final decision must be approved by the European Data Protection Board.
Fine details
The €345 million fine is the largest-ever privacy fine for TikTok and the fifth-largest fine imposed on any tech company under the General Data Protection Regulation (GDPR). The DPC found that TikTok breached the GDPR by making child user accounts public by default, failing to provide transparent information to child users, allowing an adult to access a child's account in 'family couple' mode to enable direct messaging for over 16s years of age, and without adequately considering the risks to children under the age of 13 who are on a publicly accessible platform. The DPC ordered TikTok to bring its data processing mechanisms into compliance within three months.
TikTok's answer
TikTok said it would comply with the order to change the misleading design. This will be done by extending such default privacy settings to new user accounts. Mainly targeting 16- to 17-year-old users, it will hit the market later in September. Changes will also be made to the popup that young users see when they first post a video. These changes will be implemented over the next three months. TikTok added that criticism of the DPC focused on features and settings that existed three years ago. The company said it has since made changes to address issues raised in the investigation. The company also confirmed that it has appealed the fine to the General Court of the EU.
Final words
TikTok's 345 million euro fine for violating the privacy of teenagers in Europe is a huge development in the ongoing debate about privacy and regulation on the Internet. The fine is a reminder that companies must take steps to protect their users' personal data. TikTok's response to the fine indicates that the company is taking steps to address the issues raised by the DPC. However, the company is also challenging the fine in the Court of General Jurisdiction of the EU.