Google’s main regulator in the European Union, Ireland’s Data Protection Commissioner (DPC) has imposed a €345 million ($368 million) fine on TikTok, citing the app’s failure to adequately safeguard children. The DPC, responsible for overseeing TikTok’s operations in the EU, announced this decision on Friday, September 15, asserting that the company had violated the EU’s General Data Protection Regulation (GDPR).
An investigation by the DPC found that during the latter part of 2020, TikTok’s default settings fell short in terms of safeguarding minors’ accounts. For instance, it was noted that newly created children’s profiles were set to public by default, allowing anyone on the internet to access them. TikTok also failed to adequately inform children about these privacy risks and utilized tactics known as “dark patterns” to encourage users to disclose more personal information.
Furthermore, TikTok’s feature called Family Pairing, designed as a parental control tool, did not require verification of the adult overseeing a child’s account as the actual parent or guardian, which is a violation of EU privacy law. This omission implies that, in theory, any adult could have compromised the protection of a child’s privacy.
The DPC’s ruling gives TikTok a three-month window to rectify these violations and includes a formal reprimand.
TikTok responded with a blog post the same day, expressing its disagreement with certain aspects of the decision. According to TikTok’s European privacy chief, Elaine Fox, many of the criticisms in the ruling no longer apply due to measures implemented by the company at the beginning of 2021. These measures include making existing and new accounts private by default for users aged 13 to 15. Additionally, TikTok plans to roll out a redesigned account registration process later this month for new users aged 16 and 17, which will default to private settings.
While TikTok did not specify changes to the Family Pairing feature’s verification process, the company stated that it had enhanced the feature over time with new options and tools. TikTok also emphasized that none of the regulator’s findings concluded that TikTok’s age verification measures violated EU privacy and data protection law.
However, this is not the first controversy of the Chinese social network on the subject. Back in April, TikTok faced a £12.7m fine in the UK for various breaches of data protection regulations, including the misuse of children’s personal data.