In a significant development that underscores the increasing importance of data privacy, TikTok has been slapped with a hefty fine of 345 million euros ($370 million) in the European Union. The primary concern? The way TikTok handled the data of its younger users.
The short-video giant, originating from China and gaining massive traction among teenagers globally, was found violating EU privacy regulations, specifically between July 31, 2020, and December 31, 2020. This revelation comes from the Ireland’s Data Protection Commissioner (DPC), the frontline regulator for several global tech giants in the EU, courtesy of their regional headquarters being located in Ireland.
Interestingly, this marks the first time TikTok, a ByteDance subsidiary, has faced censure from the DPC. Responding to the decision, a TikTok spokesperson expressed disagreement, especially regarding the magnitude of the fine. The spokesperson emphasized that most criticisms were already addressed with measures introduced before the DPC’s investigation, which commenced in September 2021.
Among the notable breaches highlighted by the DPC was TikTok’s 2020 default setting, where accounts of users under 16 were public. The “family pairing” feature also came under scrutiny for its lack of verification to ensure that linked individuals were genuine guardians or parents of child users. However, in a proactive move, TikTok enhanced parental controls in November 2020 and by January 2021, had set the default to “private” for users under 16. Furthermore, TikTok has expressed plans to clarify the distinction between public and private accounts, aiming for pre-selected private accounts for new users aged 16-17 starting later this month.
The ripple effect of TikTok’s fined status extends beyond this fine. The platform has been granted a three-month window by the DPC to align its processes where violations were detected. On another front, TikTok’s data transfer to China is under the DPC lens, probing its compliance with EU data laws concerning data transfer outside the bloc.
The implications of such violations are immense, especially with the EU’s General Data Protection Regulation (GDPR) in place since 2018, allowing fines of up to 4% of a company’s global revenue.
