EU imposes $379 million fine on TikTok - Here's why
The Irish data regulator has now mandated that TikTok must align its data processing with compliance standards within a three-month timeframe, following specified actions.
The popular short-video app TikTok has received a hefty fine of 345 million euros ($379 million) from the Irish Data Protection Commission (DPC) for not adequately safeguarding children's data on its platform. This penalty, issued under the European Union’s General Data Protection Regulation (GDPR), comes as a result of TikTok's handling of personal data belonging to young users of its service.
Reportedly, the DPC identified eight breaches of the GDPR in its investigation, which also scrutinised TikTok's transparency obligations, including how much information was provided to child users regarding default settings. The Irish data watchdog has mandated that TikTok rectify its data processing practices within a three-month period to comply with regulations.
ALSO READ | X introduces notification feature for community notes deletions: Know what it is
In response, TikTok expressed its disagreement with the decision, particularly the magnitude of the fine. The company mentioned in a statement that it “respectfully disagrees with the decision, particularly the level of the fine imposed”.
The company pointed out that the DPC's criticisms were focused on features and settings from three years ago, many of which had already been addressed, such as setting all accounts for users under 16 to private by default.
ALSO READ | X introduces new feature: Premium users can now hide 'Likes' tab
Elaine Fox, TikTok’s head of privacy in Europe, mentioned in a blog post that the company had taken steps to address safety concerns prior to the DPC's investigation, like automatically setting accounts of users aged 13-15 to private by default.
Meanwhile, the DPC's investigation centered on a five-month period from July 31, 2020, to December 31, 2020, assessing TikTok's compliance with GDPR obligations in relation to the processing of personal data for child users. The inquiry specifically examined platform settings, including those defaulted to the public, as well as features like "Family Pairing," and scrutinised age verification as part of the registration process.