Social media app TikTok has been slapped with a multi-million dollar fine for failing to protect children’s privacy in the European Union.
Key points:
- The $EU345 million fine is the first time TikTok has been punished for breaching Europe’s strict data privacy rules
- The investigation found the sign-up process resulted in settings that made child accounts public by default, allowing anyone to view videos
- TikTok says the regulator’s criticisms focused on features and settings dating back to 2020
The $EU345 million ($570 million) fine is the first time the popular short-form video platform has been punished for breaching Europe’s strict data privacy rules.
Ireland’s Data Protection Commission, the lead regulator in the EU for many of the world’s top tech firms, said it was fining TikTok for violations dating back to the second half of 2020.
The investigation found the sign-up process for teen users resulted in settings that made their accounts public by default, allowing anyone to view and comment on their videos.
Those default settings also posed a risk to children under 13 who gained access to the platform even though they are not allowed.
The regulator found a “family pairing” feature — designed for parents to manage settings — was not strict enough, allowing adults to turn on direct messaging for users aged 16 and 17 without their consent.
The app also nudged teen users into more “privacy intrusive” options when signing up and posting videos, the watchdog said.
TikTok said it disagrees with the decision, “particularly the level of the fine imposed”.
The company said the regulator’s criticisms focused on features and settings dating back three years.
The ByteDance-owned company said it had made changes well before the investigation began in September 2021.
Such changes included making all accounts for teens under 16 private by default and disabling direct messaging for 13—15-year-olds, it said.
“Most of the decision’s criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began,” TikTok’s European head of privacy Elaine Fox wrote in a blog post.
The Irish watchdog also examined TikTok’s measures to verify whether users are at least 13 but found they did not break any rules.
The regulator is still carrying out a second investigation into whether TikTok complied with the EU’s General Data Protection Regulation when it transferred users’ personal information to China where ByteDance is based.
TikTok has faced accusations it poses a security risk over fears that users’ sensitive information could end up in China.
AP