European Commission Penalizes TikTok with 345 Million Euro Fine for Mismanagement of Children’s Data
DUBLIN: TikTok has been fined 345 million euros ($370 million) for breaching data protection laws in the European Union on the handling of children’s personal data, its top regulator in the bloc said on Friday.
The Chinese-owned short video platform, which has seen rapid growth among teenagers around the world in recent years, breached several EU data protection laws between July 31, 2020 and December 31, 2020, Ireland’s Data Protection Commissioner (DPC) said. in the statement.
This is the first time that ByteDance-owned TikTok has been reprimanded by the DPC, the EU’s lead regulator for many of the world’s biggest tech companies, for having their regional headquarters in Ireland.
A spokesperson for TikTok said it disagreed with the decision, particularly the size of the fine, and that most of the criticism was no longer relevant due to the measures it put in place before the DPC’s investigation began in September 2021.
The DPC said TikTok’s breaches included how in 2020 the accounts of users under the age of 16 were set to “public” by default, and that TikTok did not check whether the user was actually the child’s parent or guardian when linked through “family pairing”. feature.
TikTok added stricter parental controls for family pairings in November 2020 and changed the default setting for all registered users under 16 to “private” in January 2021.
TikTok said Friday that it plans to further update its privacy materials to clarify the differences between public and private accounts, and that new users aged 16 to 17 will be given a private account option when they register for the app later. in this month.
The DPC gave TikTok three months to bring all its processing into compliance if violations were found.
It has another investigation into TikTok’s transfer of personal data to China and whether it complies with EU data laws when transferring personal data to countries outside the bloc. In March, the DPC announced that it was preparing a preliminary draft decision on the investigation in question.
Under the EU’s General Data Protection Regulation (GDPR), introduced in 2018, any company’s lead regulator can impose fines of up to 4% of the company’s global turnover.
The DPC has hit other tech giants with large fines, including a total of 2.5 billion euros collected from Meta.
At the end of 2022, it had 22 surveys of multinational companies operating in Ireland.