The Irish Data Protection Commission (DPC) has fined ByteDance-owned TikTok €345 million (approximately $368 million) for a series of violations of children’s data privacy. DPC is the lead regulator in the EU for many of the world’s top tech firms, due to the location of many of their regional headquarters in Ireland, Reuters reported.
An inquiry by the DPC found that between July 31, 2020 and Dec. 31, 2020, TikTok violated a number of GDPR regulations, including:
- Child user accounts were set to “public” by default, meaning anyone could view the content posted;
- The “Family Pairing” setting allowed adult users, who were not verified as the child’s parent or guardian, to pair their account to a child’s account, thereby enabling direct messaging;
- Insufficient transparency information was provided to child users; and
- TikTok employed “dark patterns” by “nudging users toward choosing more privacy-intrusive options” during registration and when posting videos.
Given these findings, DPC has issued a formal reprimand to TikTok along with the aforementioned administrative fines, and is requiring that TikTok bring its processes into compliance within three months.
Elaine Fox, TikTok’s Head of Privacy for Europe, said in a statement that the company disagrees with the decision, particularly the size of the fine. Fox pointed out that the fine is based on the way settings and features worked on the app three years ago, and since that time many of these issues have already been addressed, most of them before DPC began its probe in September 2021.
“Over 134 million people across [the EU] come to TikTok every month, and our work to protect the privacy and safety of our community — and the teenagers who are part of it — has no finish line,” said Fox in the statement. “Later this year, we will establish TikTok’s global Youth Council as a new forum for listening to the experiences of the teenagers who use our platform and to make changes to create the safest possible space for them. We’ll also continue to focus on further strengthening a culture of compliance across our business. And as illustrated with the recent Digital Services Act, we will not hesitate to make significant changes to product features and processes to ensure TikTok meets the high standard of European safety and privacy regulation.”