The Data Protection Commissioner in Ireland has imposed a fine of 345 million euros ($370 million) on TikTok for violating privacy laws regarding the handling of personal data of minors in the European Union. The Commissioner is the main regulatory authority in the EU responsible for dealing with many major technology companies headquartered in Ireland.
In a statement, the Data Protection Commissioner noted that the short video platform, owned by China, has rapidly gained popularity among minors worldwide in recent years and breached several EU privacy laws between July 31 and December 31, 2020. This is the first time TikTok, owned by ByteDance, has faced a penalty from the Data Protection Commissioner in Ireland.
A spokesperson for TikTok asserted that the company disagrees with the decision, particularly the size of the fine, and that most of the criticisms are no longer relevant due to actions the company took prior to the commencement of the European regulatory investigation in September 2021.
The Data Protection Commissioner stated that TikTok’s violations included categorizing accounts of users under the age of 16 as "public" in 2020, and not verifying whether users were indeed parents or guardians when linking accounts to the "family supervision" feature.
TikTok has since implemented stricter parental controls on the family supervision feature and changed the standard settings for all users under 16 to "private" in 2021. TikTok announced on Friday that it plans to make further amendments to its privacy materials to clarify the distinction between public and private accounts, and that accounts belonging to new users aged 16 to 17 will be set to private upon registration in the app starting later this month.
The Data Protection Commissioner has given TikTok three months to comply with all processing activities that violated the rules.
