EU Regulator Fines TikTok €345M Over Child Data Violations

Improve the News Foundation -

Facts

  • The European Union’s chief data privacy regulator has fined TikTok €345M ($370M) for violating EU laws pertaining to the processing of children’s personal data, marking the first time the video platform has been punished by the privacy watchdog.1
  • The Ireland-based Data Protection Commission (DPC) is reprimanding ByteDance-owned TikTok for violations dating back to late 2020 and has been investigating the company’s compliance with child data protection since 2021.2
  • The investigation found that TikTok violated multiple parts of the EU’s GDPR [General Data Protection Regulation], including setting children’s accounts to the public in its default settings, which means that anyone could see their accounts.3
  • The DPC also found that TikTok’s Family Pairing feature, which allowed a child’s account to be linked with a separate adult account, failed to verify if the adult account belonged to a parent. It also ruled that the app didn’t do enough to verify children’s ages and prevent those below 13 from joining.4
  • The Chinese-based platform has come under fire from international regulators over its tie to the Chinese government and concerns about privacy. Friday’s fine is the largest privacy fine TikTok has ever faced and the fifth largest fine any tech company has received under the regulation.5
  • TikTok released a statement saying it “respectfully disagree[s]” with the privacy regulator’s decision.6

Sources: 1Reuters, 2Associated Press, 3Guardian, 4Verge, 5Politico and 6BBC News.

Narratives

  • Narrative A, as provided by Guardian. TikTok has been abusing its immense popularity with younger users to harvest their data and ignore safeguards to protect children. Not only does TikTok fail to verify the age of users and prevent children younger than 13 from joining the app, but its algorithms illegally process minors’ data to push harmful content. TikTok is not doing enough to protect children, and it must be punished for its violations.
  • Narrative B, as provided by Newsroom. This fine is heavy-handed and is not based on TikTok’s current policies regarding child data processing. TikTok has set the accounts of users 12-15 years old to private by default and it has created several protections to inform younger users about TikTok’s privacy policies. TikTok is always looking to improve, but it shouldn't be fined based on features that were present three years ago — before the DPC had even started its investigation.