In a significant development, a prominent European tech regulator has imposed a hefty €345 million ($368 million) fine on TikTok, asserting that the popular app failed in its duty to safeguard children’s privacy adequately.
The Irish Data Protection Commission (DPC), responsible for overseeing TikTok’s operations within the European Union, delivered this stern ruling after determining that the platform had violated the EU’s crucial privacy regulations.
A thorough investigation by the DPC revealed that TikTok’s default settings during the latter part of 2020 did not provide adequate protection for children’s accounts. For instance, it was found that newly created children’s profiles were automatically set to public visibility, allowing anyone on the internet to access them. The regulator also pointed out that TikTok had not adequately informed young users about these privacy risks and had employed what are known as “dark patterns” to encourage users to divulge more of their personal information.
Another breach of EU privacy law identified by the DPC pertained to a TikTok feature called Family Pairing, designed as a parental control tool. It was revealed that this feature did not require the adult overseeing a child’s account to be verified as the child’s actual parent or guardian. This lapse potentially allowed any adult to compromise a child’s privacy settings, as highlighted by the regulator.
TikTok introduced Family Pairing in April 2020, enabling adults to link their accounts with those of their children to manage screen time, control content access, and restrict direct messaging to minors.
The DPC’s ruling stipulates that TikTok must rectify its violations within three months and includes an official reprimand.
However, in a blog post following the decision, the company expressed respectful disagreement with certain aspects of the ruling. TikTok’s European privacy chief, Elaine Fox, noted that many of the criticisms raised by the decision had become irrelevant due to measures implemented by the company at the beginning of 2021. Fox highlighted changes such as setting existing and new accounts as private by default for users aged 13 to 15. Furthermore, TikTok plans to introduce a revamped account registration process for new users aged 16 and 17, which will also default to private settings.
Although TikTok did not specifically mention whether Family Pairing would introduce stricter verification of the adult’s relationship with the child, the company asserted that the feature had been continuously enhanced with new options and tools. TikTok also emphasized that none of the regulator’s findings indicated that the platform’s age verification procedures violated EU privacy laws.
This fine in Europe follows a previous fine imposed on TikTok in the United Kingdom in April for various breaches of data protection law, including the misuse of children’s personal data.