European regulators have TikTok fined with $368 million fine to adequately protect children’s privacy. It marked the first instance of the popular short video-sharing platform facing penalties for breaching Europe’s stringent data privacy regulations.
The fine, which amounts to 345 million euros, was issued by Ireland’s Data Protection Commission. The primary privacy regulator overseeing major tech companies with their European headquarters predominantly based in Dublin. The sanctions come in response to violations that occurred during the latter half of 2020.
The investigation revealed that the sign-up process for teenage users resulted in default settings that made their accounts publicly accessible. It permit anyone to view and comment on their videos. These default settings also posed a risk to children under the age of 13 who gained unauthorized access. This became reason that tiktok fined.
Additionally, a “family pairing” feature intended for parents to manage settings was found to be insufficiently strict, allowing adults to enable direct messaging for users aged 16 and 17 without their consent. It also nudged teenage users towards more privacy-invasive options during the sign-up and video posting process.
In response, TikTok expressed disagreement with the decision, particularly the magnitude of the fine imposed. The company pointed out that many of the regulator’s criticisms pertained to features and settings from three years ago. It had implemented changes well before the investigation commenced in September 2021. These changes included making all accounts for teenagers under 16 private by default. It disable direct messaging for users aged 13 to 15.
TikTok’s Head of Privacy for Europe, Elaine Fox, emphasized in a blog post that most of the criticisms outlined in the decision were no longer relevant due to measures introduced at the beginning of 2021, several months before the investigation began.
TikTok’s Head of Privacy for Europe
The Irish regulator has faced criticism for the perceived slow pace of its investigations into major tech companies since the implementation of EU privacy laws in 2018. In the case of TikTok, disagreements between German and Italian regulators over parts of a draft decision issued a year ago further delayed the process.
To address these issues and streamline the regulatory process, the European Union’s Brussels headquarters has been tasked with enforcing new regulations aimed at promoting digital competition and enhancing oversight of social media content. These rules are designed to reinforce the EU’s position as a global leader in tech regulation.
In response to objections raised by German authorities, Europe’s top panel of data regulators found that TikTok’s pop-up notices for teen users failed to present choices in a neutral and objective manner, especially with regard to privacy decisions.
The Irish regulator also examined TikTok’s measures to verify users’ age, determining that they did not violate any rules. However, a second investigation is ongoing to determine whether TikTok complied with the EU’s General Data Protection Regulation when transferring users’ personal information to China, where its parent company, ByteDance, is headquartered.
TikTok fined has faced allegations of posing a security risk. Due to concerns that sensitive user data could end up in China. In response, the platform has initiated a project to localize European user data. It include recent opening of a data center in Dublin, which is the first of three planned for the continent.
Notably, the Irish regulator has also imposed significant fines on other tech giants. Such as Instagram, WhatsApp, and Meta (formerly Facebook) in the past year for various privacy-related violations.