TikTok, the popular short-video platform owned by ByteDance, has been fined a hefty 345 million euros ($370 million) by the European Union (EU) for violating privacy laws concerning the handling of children’s personal data. The fine comes from the lead regulator in the EU, Ireland’s Data Protection Commissioner (DPC), and was announced on Friday.
The DPC revealed that TikTok breached several EU privacy laws between July 31, 2020, and Dec. 31, 2020. This marked the first instance of the DPC reprimanding TikTok, which has seen significant growth among teenagers worldwide in recent years. The regulator emphasized that TikTok’s violations included defaulting accounts for users under 16 to “public” in 2020 and failing to verify parental or guardian connections through the “family pairing” feature.
TikTok, headquartered in Ireland, faced disagreement from the company’s spokesperson regarding the decision and the size of the fine. They pointed out that many of the criticisms were addressed before the DPC’s investigation commenced in September 2021, highlighting subsequent measures taken to enhance parental controls and privacy settings, Reuters news report said.
In response to the findings, TikTok intends to further update its privacy materials, clarifying the distinction between public and private accounts. Starting later this month, new users aged 16 to 17 will have a private account pre-selected upon registration.
The DPC granted TikTok three months to rectify all identified processing infringements. Additionally, the DPC is currently conducting a separate investigation into TikTok’s transfer of personal data to China and its compliance with EU data laws for data transfers outside the EU.
Under the EU’s General Data Protection Regulation (GDPR), enacted in 2018, the lead regulator for any company can impose fines of up to 4 percent of the company’s global revenue. The DPC, known for levying substantial fines on tech giants, currently has 22 inquiries open into multinational companies based in Ireland, demonstrating a strong commitment to upholding privacy and data protection standards.