TikTok fined €345m in Europe over children's privacy
All fixed, nothing to see here, says TikTok
European regulators have imposed a hefty €345 million fine on popular short video-sharing platform TikTok, citing its inadequate protection of children's personal data.
The fine was issued by Ireland's Data Protection Commission (DPC), the primary privacy regulatory authority overseeing major tech firms headquartered in Dublin.
The Irish DPC conducted an investigation into TikTok's compliance with privacy protection responsibilities concerning users aged 13 to 17. The inquiry encompassed the examination of the platform's settings for child users and the measures taken to verify users' age.
The findings revealed that the app directed users towards privacy-compromising choices both during the account registration process and when posting videos.
The violations took place during the period from 31st July 2020 to 31st December 2020.
The regulator noted that TikTok's default settings for teenage accounts rendered them public, which meant their information was readily accessible. This was compounded by the fact that the videos posted by these users were also set to public by default, allowing anyone to leave comments.
Furthermore, these default settings posed a potential risk to children under the age of 13 who managed to access the platform, despite being prohibited from doing so.
Additionally, the DPC highlighted that the "family pairing" feature, intended for parents to manage settings, lacked sufficient strictness in implementation. These shortcomings enabled adults to activate direct messaging for users aged 16 and 17 without obtaining their consent, potentially jeopardising their privacy.
The platform also actively encouraged teenage users to opt for more "privacy-intrusive" choices during both the registration and video posting processes, as noted by the regulatory body.
TikTok has expressed its disagreement with the regulatory decision, especially regarding the level of the fine imposed.
The company said a number of the features and settings that were scrutinised and criticised by the regulator had already been rectified prior to the commencement of the investigation in 2021.
TikTok said they had already taken steps to set accounts for users under 16 to private by default and had disabled direct messaging for users aged 13 to 15.
"Most of the decision's criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began," TikTok's head of privacy for Europe, Elaine Fox, wrote in a blog post.
This marks the first instance where the Chinese video-sharing app has faced penalties under Europe's data privacy regulations.
The DPC is currently conducting a second investigation to determine if TikTok adhered to the EU's General Data Protection Regulation (GDPR) when it transferred users' personal data to China, where its parent company, ByteDance, is headquartered.
TikTok has earlier faced accusations that it may pose a risk to users' privacy by potentially transferring their sensitive data to China.
Earlier this year, the UK Information Commissioner's Office (ICO) imposed a fine of £12.7 million on TikTok after determining that the platform permitted 1.4 million children in the UK to register, even when they were below the age of 13.
The investigation revealed that TikTok had been handling the data of these children without obtaining consent or authorisation from their parents or guardians. Furthermore, it failed to ensure that this data was processed in a fair and transparent manner.
The ICO pointed out that the information regarding the data processing was insufficient, preventing users from making an informed choice before registering.