TikTok Fined £12.7m For Violating UK Data Privacy Laws

Written by

The Information Commissioner’s Office (ICO) in the UK has issued a fine of £12.7m ($15.75m) to social media firm TikTok for breaching the country’s data protection law on multiple counts.

TikTok failed to obtain parents’ consent for under 13s using its platform and did not carry out adequate checks to identify and prevent underage children from using the social media app.

“There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws,” said UK Information Commissioner, John Edwards.

The privacy watchdog said the inadequacy of the response caused an estimated one million under 13s to inappropriately access the platform, with TikTok collecting and using their personal data. 

Read more on TikTok data collection here: TikTok Engaging in Excessive Data Collection

“That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll,” Edwards added.

Further, the ICO said that TikTok generally failed to provide proper information to people using the platform about how their data is collected, used and shared. The company also neglected to make sure UK user data was processed “lawfully, fairly and in a transparent manner.”

It is worth noting that the ICO’s original note of intent showed plans to fine TikTok £27m ($33m) due to the unlawful use of special category data. However, the ICO ultimately decided not to pursue the provisional finding in that regard.

After the ICO concluded its investigation, the regulator announced the publication of its Children’s Code to help protect underage individuals online.

The fine comes days after TikTok’s general counsel, Erich Andersen, defended the company’s data collection policy in the US.

Editorial image credit: Mykolastock / Shutterstock.com

What’s hot on Infosecurity Magazine?