TikTok Slapped with $370 Million Fine for Violating Privacy Laws

Fri Sep 15 2023

DUBLIN: TikTok, the popular Chinese-owned short-video platform, has been slapped with a hefty fine of 345 million euros ($370 million) by the European Union for violating privacy laws concerning the handling of children’s personal data. This marks the first time TikTok, owned by ByteDance, has faced such sanctions from the EU.

The breaches occurred between July 31, 2020, and December 31, 2020, according to Ireland’s Data Protection Commissioner (DPC), which serves as the lead regulator in the EU for many major tech companies. During this period, TikTok ran afoul of several EU privacy laws.

One of the key issues highlighted by the DPC was that in 2020, TikTok set the default privacy setting for the accounts of users under the age of 16 to “public.” Furthermore, the platform did not adequately verify whether individuals linking their accounts through the “family pairing” feature were, in fact, parents or guardians of underage users.

TikTok did make some changes in response to these concerns, implementing tougher parental controls for family pairing in November 2020 and switching the default setting for users under 16 to “private” in January 2021. The company also plans to make privacy settings clearer and will pre-select “private” accounts for new users aged 16-17 registering later this month.

TikTok expressed its disagreement with the DPC’s decision, especially the size of the fine, and noted that many of the issues raised had been addressed through measures introduced prior to the DPC’s investigation, which began in September 2021.

The DPC has given TikTok a three-month deadline to bring all of its data processing practices into compliance with EU regulations. Additionally, the DPC is conducting a separate investigation into TikTok’s transfer of personal data to China and whether it adheres to EU data laws when sending data to countries outside the EU.

Under the EU’s General Data Protection Regulation (GDPR) introduced in 2018, the lead regulator for a company can impose fines of up to 4% of the company’s global revenue. The DPC has previously levied substantial fines on other tech giants, including a combined 2.5 billion euros imposed on Meta.

As of the end of 2022, the DPC had 22 inquiries open into multinational companies headquartered in Ireland.
