TikTok, the widely-used short-video platform owned by ByteDance, is facing a hefty €345 million ($370 million) fine due to its breach of European Union (EU) privacy laws concerning the handling of children’s personal data. The EU’s lead regulatory authority for major tech companies, Ireland’s Data Protection Commissioner (DPC), announced this penalty. The privacy violations took place from July 31, 2020, to December 31, 2020.
This marks the first instance of TikTok receiving such a stern reprimand from the DPC, which holds this influential role in the EU because many top tech companies have their regional headquarters in Ireland.
Among the infractions cited by the DPC was TikTok’s default setting in 2020, which made accounts of users under 16 “public” by default. Furthermore, TikTok did not adequately verify whether a user was genuinely the parent or guardian of a child user when using the “family pairing” feature.
TikTok did take steps to address some of these concerns. For example, in January 2021, the platform changed the default setting for all users under 16 to “private.” Additionally, in March 2023, the company announced that it’ll soon set a 60-minute daily screen time limit for underage users.
In response to the fine, TikTok expressed its disagreement with the decision, particularly regarding the size of the penalty. The company argued that most of the criticisms had already been addressed with measures implemented before the DPC initiated its investigation in September 2021.
TikTok now has a three-month window to bring all of its data processing practices into compliance wherever violations were identified.
This is not the first for TikTok to face fines due to children data breaches. In April, the Information Commissioner’s Office of the UK announced that it has issued a fine of £12.7 million ($15.8M) to TikTok due to several violations of the country’s data protection law, such as misusing children’s data.