TikTok has been fined €345 million — about $367 million — by an Irish regulatory agency, which ruled the app violated the EU’s data-privacy laws with respect to processing information on children users.
Ireland’s Data Protection Commission (DPC), in addition to the fine, ordered TikTok “to bring its processing into compliance” with Europe’s General Data Protection Regulation (GDPR) within three months.
During an investigation into TikTok practices spanning the second half of 2020, the DPC found that the app’s signup process for teenage users resulted in settings that made their accounts public by default, allowing anyone to view and comment on their videos. In addition, the regulator said, TikTok’s “family pairing” feature, intended to let parents and guardians manage their kids’ accounts, failed to verify whether the user was actually the child user’s parent or guardian. In addition, the adult user could use the “family pairing” feature to enable DMs for child users older than 16, “thereby making this feature less strict for the child user,” according to the DPC’s investigation.
The DPC concluded that TikTok’s age verification process did not violate GDPR, but it found that TikTok had not sufficiently protected the privacy of children under 13 who were able to sign up for an account.
In a statement, TikTok said, “We respectfully disagree with the decision, particularly the level of the fine imposed. The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default.”
In a blog post, Elaine Fox, TikTok’s head of privacy for Europe, said the company would “evaluate next steps” in response to the DPC fine and order.
“We believe our settings have always given users control over whether to choose a public or private account, but in January 2021 (eight months before the DPC launched its investigation), we became the first major platform to make all existing and new accounts for 13- to 15-year-olds private by default,” Fox wrote, outlining additional changes designed to “strengthen younger users’ privacy.”
Later this month, according to Fox, TikTok will begin rolling out “a redesigned account registration flow for new 16- and 17-year-old users that will be pre-selected to a ‘private account.'”
Meanwhile, earlier this year the U.K.’s Information Commissioner’s Office (ICO) fined TikTok more than $15 million for allegedly failing to enforce rules under which children under the age of 13 are not allowed to use the social media platform without parental consent.
In 2019, TikTok paid a $5.7 million fine to settle FTC allegations that it violated the U.S. Children’s Online Privacy Protection Act (COPPA). Under the settlement, TikTok promised to come into compliance with the law.
