In a major regulatory development, TikTok has been fined $370 million for violating privacy rules related to the handling of underage users’ personal data in the European Union (EU), Ireland’s Data Protection Commission (DPC), the region’s lead regulator, has announced.
The popular short-video platform, which is owned by Chinese tech conglomerate ByteDance (headquartered in Singapore), had long been facing an intense probe into its questionable handling of child privacy and processing of underage users’ data. The regulator found that TikTok committed a number of breaches of EU laws concerning the online privacy of minors between July 31, 2020, and December 31, 2020. The probe was launched in September 2021.
The substantial financial penalty is the first imposed on TikTok by the DPC, which regulates several leading tech companies in the EU, including Facebook and Instagram’s parent Meta Platforms, Google’s Alphabet Inc., and Apple Inc. The violations included TikTok’s exposure of users under the age of 16 by setting their accounts to “public” by default. TikTok also failed to verify the true identity of account holders, hence overlooking whether they were a minor’s parent or guardian when connected to the account via the company’s “Family Pairing” feature.
TikTok has objected to the DPC’s decision and the large amount of fine imposed on the company. It contested the relevancy of the regulator’s critical assessment of the platform’s practices citing the measures the company introduced months before the DPC started its investigation. Nevertheless, TikTok has announced plans to make further updates regarding child accounts.
TikTok’s Family Pairing initiative, which offers various parental controls, was beefed up in March this year with a daily screen time limit of 60 minutes. The feature requires a user’s parent or guardian (who has set up the account) to re-enter the password once the previous session has ended. The update also includes summaries of times TikTok is used on the device and a breakdown of the total amount of time the app is used during the day and night. The accounts of underage users were turned to “private” in the app’s default settings in January 2021.
The Family Pairing update had arrived in the wake of the mounting regulatory scrutiny around TikTok in the US, where calls for a nationwide ban from politicians against the immensely popular app has left ByteDance scrambling for ways to appease lawmakers and regulators. The widespread security concerns persist from fears that TikTok might be forced to hand over sensitive data of US citizens to the Chinese government (led by the Chinese Communist Party or CCP) under the country’s strict regulations. TikTok has, however, denied such reports and claimed the firm takes the privacy of its users seriously.
In Europe, on the other hand, the regulatory scrutiny gained momentum after ByteDance disclosed that some of the TikTok staff based in China could access the data of EU users. TikTok has since been banned from government devices in almost half of the US states, the EU, and in other countries, including Canada, Australia, and New Zealand.
To allay security concerns of lawmakers and regulators, TikTok has launched a security initiative called Project Clover. Under this programme, TikTok will store user data on local servers in European markets. The project went live earlier this month, with the company setting up its first of the planned three data centres in Dublin, Ireland.
