TikTok Fined $368m For Child Data Privacy Offenses

Written by

TikTok has been fined hundreds of millions of dollars after Ireland’s data protection regulator found it infringed the GDPR with regards to its processing of child users’ information.

The Data Protection Commission (DPC) published its final decision in the case on Friday, following a lengthy investigation into TikTok’s processing of children’s personal data between July 31 2020 and December 31 2020.

After objections to its decisions were raised by the supervisory authorities of Italy and Berlin, and subsequently ruled on by the European Data Protection Board (EDPB), the Ireland DPC ruled that TikTok infringed Articles 5(1)(c), 5(1)(f), 24(1), 25(1), 25(2), 12(1), 13(1)(e) and 5(1)(a) of the GDPR.

As a result, the reprimanded Chinese social media giant will not only be forced to pay a fine of €345m ($368m) but also to bring its processing into compliance within three months.

Read more on TikTok’s legal troubles: TikTok Set for Massive $92m Payout Over Privacy Suit

Specifically, the Ireland DPC found that:

  • The profile settings of children’s accounts were set to public by default, meaning anyone on or off the site could view that user’s content
  • The “Family Pairing” setting allowed a non-child user, who couldn’t be verified as parent or guardian, to pair their account to a child user’s account. This could allow the non-child user to enable direct messages for child users older than 16. The DPC said this posed “severe possible risks” to those children
  • TikTok failed to provide sufficient transparency information to child users
  • TikTok deployed “dark patterns” by persuading users to choose more privacy intrusive options when registering their accounts or posting videos

This isn’t the first time TikTok has been in regulatory hot water. In 2019 it agreed to pay $5.7m to settle FTC allegations that it broke the Children’s Online Privacy Protection Act (COPPA) by failing to seek parental consent from users under the age of 13 before collecting information.

In September last year, the UK’s Information Commissioner’s Office (ICO) announced its intention to fine TikTok £27m for failing to protect the privacy of its youngest users.

Editorial image credit: KlavdiyaV / Shutterstock.com

What’s hot on Infosecurity Magazine?