The European Union has penalized TikTok with a staggering fine of $379M after the company violated the General Data Protection Regulation (GDPR) rules surrounding the treatment of children’s data. The Irish Data Protection Commission (DPC) stipulated that TikTok infringed on eight significant GDPR articles, which revolve around transparency, fairness, data security, and minors’ rights concerning data processing.
Although TikTok wasn’t found guilty regarding its age verification methods, it was criticized for not taking appropriate technical measures. Notably, the app’s settings made accounts of children public by default, exposing their content to all users, whether they used TikTok or not. The “Family Pairing” feature further allowed child accounts to link with unverified adult users without confirming if the latter were their guardians.
Reacting to the decision, a TikTok representative stated their disagreement, emphasizing that the criticized features were modified years before the probe started. They highlighted that accounts for users below 16 are now set to private by default. Elaine Fox, TikTok’s European Head of Privacy, provided further insights on their website, saying that TikTok was proactive in addressing security issues before the investigation commenced. She mentioned that TikTok had made strides in being transparent about removing suspected underage accounts, highlighting the removal of 17 million such accounts in early 2023.
According to the recent data, TikTok boasts over 134 million active users monthly within the European Union. The platform is currently mulling over its future actions, which might include a potential legal appeal in Ireland.