TikTok has been penalized for 345 million euros, equivalent to $370 million, for violating privacy laws in the European Union surrounding the processing of children’s data, the company’s primary regulator in the EU announced on Friday.
According to a statement released by Ireland’s Data Protection Commissioner (DPC), the Chinese-owned short-video platform, which has seen tremendous growth among teens worldwide in recent years, violated several EU privacy rules between July 31, 2020, and December 31, 2020. The DPC disclosed this information.
It is the first time that the DPC, which is the principal regulator in the EU for many of the world’s biggest tech corporations due to the placement of their regional headquarters in Ireland, has penalized TikTok, which ByteDance owns.
A spokeswoman for TikTok stated that the company did not agree with the decision, notably the amount of the punishment, and that the majority of the criticisms are no longer relevant as a consequence of the actions that the company implemented before September 2021, when the DPC initiated the investigation into the company.
According to the DPC, TikTok’s security flaws included the following: in 2020, accounts for users under the age of 16 were set to “public” by default; when users were linked through the “family pairing” feature, TikTok did not verify if a user was indeed a child user’s parent or guardian; and in 2020, accounts for users under the age of 16 were set to “public” by default.
In November 2020, TikTok introduced more stringent parental controls to its family matching feature. In January 2021, the app defaulted to the “private” privacy setting for users under 16 who had previously established an account.
TikTok announced on Friday that it intends to enhance its privacy documents further to clarify the distinctions between public and private accounts. Additionally, the company stated that a private account will be pre-selected for new users between the ages of 16 and 17 who registered for the app beginning later this month.
The DPC gave TikTok three months to put all of its procedures into compliance where infractions had been detected in those areas.
It has begun a second investigation into whether or not TikTok complies with EU data law when moving personal data to countries outside of the bloc. This investigation focuses on whether or not TikTok transferred personal data to China. The DPC stated back in March that it was working on putting together a preliminary draft conclusion regarding that probe.
By the General Data Protection Regulation (GDPR) passed into law in 2018 by the European Union, the lead regulator for any particular company has the authority to levy fines of up to 4% of the company’s total turnover worldwide.
The DPC has levied significant fines against other colossal players in the computer industry, including a total of 2.5 billion euros against Meta (META.O).
At the end of 2022, it has open investigations into 22 international companies with headquarters in Ireland.
Comment Template