TikTok is facing a hefty fine of €345 million (£296 million) for violating privacy laws related to the handling of children’s personal information, according to an announcement from an EU regulatory body. The investigation conducted by Ireland’s data protection commission revealed that TikTok’s default settings made teenagers’ accounts automatically accessible to the public, creating potential privacy risks. Even children under the age of 13, who are not supposed to be using the platform, were inadvertently exposed.
Moreover, TikTok’s “family pairing” feature, designed to enable adults to manage their child’s account settings, was found to be insufficiently robust. Teen users were guided toward more invasive privacy options during the sign-up and video-sharing process, increasing concerns over data security.
In response to these findings, TikTok has defended itself, pointing out that it had already implemented relevant changes before the Irish investigation commenced in September 2021. These changes included setting all accounts owned by individuals under 16 to private by default.
Elaine Fox, TikTok’s head of privacy for Europe, emphasized that many of the regulator’s criticisms are now outdated and no longer applicable.
The data protection commission has become a prominent privacy watchdog in the EU, overseeing the actions of global tech giants such as Facebook and Meta, which operate their European operations from Ireland. This regulatory body has previously faced criticism for the slow pace of its investigations and associated fines. Notably, it issued a record €1.2 billion fine to Meta earlier this year for transferring European user data to the US and previously fined the company for €390 million for requiring users to agree to personalized advertisements. Similar fines have been levied against WhatsApp, another Meta-owned firm, for breaching data-sharing regulations.
The fine imposed on TikTok comes as the platform endeavors to address privacy concerns among European policymakers. TikTok has taken steps in this direction by launching its first local data center in Dublin, a departure from its previous practice of storing user data on servers in the US and Singapore. Additionally, Ireland is set to host another data center, currently under construction, and a third is being built in Norway. While concerns have been raised about potential data sharing with the Chinese government, TikTok has asserted that it has no intentions of doing so and that Beijing’s laws do not extend to data held outside its borders.