Landmark Fine: TikTok Faces €345 Million Penalty for EU Data Violation
TikTok, the widely popular short-video platform, is facing a hefty fine of 345 million euros ($370 million) for violating privacy regulations pertaining to the handling of children's personal data within the European Union. This significant penalty has been imposed by Ireland's Data Protection Commissioner (DPC), which serves as the key regulatory authority for numerous major global tech companies with their regional headquarters situated in Ireland.
TikTok fined €345 million for mishandling EU children's data.
Breaches occurred between July and December 2020.
TikTok disputes fine, citing pre-investigation measures.
DPC allows three months for compliance; separate probe ongoing.
The DPC's investigation found that between July 31, 2020, and Dec. 31, 2020, TikTok, which is owned by Chinese tech giant ByteDance, ran afoul of several EU privacy statutes. This marks the very first instance of TikTok being subjected to reprimand by the DPC.
TikTok has responded to this development by expressing its dissent, particularly with regard to the scale of the fine imposed. The company has underlined that many of the concerns raised have already been addressed through a series of measures that were put into effect prior to the initiation of the DPC's investigation in September 2021.
Among the breaches identified by the DPC was the 2020 default setting that automatically made accounts for users below the age of 16 "public". Furthermore, TikTok was found not to have verified that users of the "family pairing" feature were in fact the parents or guardians of the child users they paired with.
TikTok enhanced parental controls for family pairing in November 2020. Additionally, in January 2021, the company changed the default setting for all users below the age of 16 to "private".
In an effort to further fortify its privacy protocols, the company has announced its intention to update privacy materials, ensuring a more conspicuous differentiation between public and private accounts. As of later this month, new users within the 16-17 age bracket will find a private account pre-selected when they register for the app.
The DPC has extended a three-month window for TikTok to rectify any compliance discrepancies that were identified during the course of the investigation.
Concurrently, a separate inquiry is underway to scrutinize TikTok's practices concerning the transmission of personal data to China, and its alignment with EU data regulations when data is transferred outside the bloc. The DPC has indicated that a preliminary draft decision for this particular investigation is currently in the works.
In accordance with the EU's General Data Protection Regulation (GDPR) of 2018, the lead regulator for a company has the authority to impose fines of up to 4% of the company's global revenue.
The DPC has demonstrated its willingness to impose substantial fines on other tech giants, as seen in the case of a combined 2.5 billion euros levied on Meta.
As of the conclusion of 2022, the DPC had a total of 22 active inquiries in progress, all of which pertained to multinational companies with their headquarters based in Ireland.