TikTok is set to be fined millions for illegally processing children’s data in the European Union (EU) following a ruling made on Friday by the region’s data protection watchdog.
The European Data Protection Board (EDPB) found TikTok guilty of breaching the data of underage users in conclusion to an investigation launched in 2021. Following the EDPB’s decision, the Irish Data Protection Commission (IDPC) is expected to issue a multi-million-dollar fine against the popular short-video app within a month.
The financial penalty, constituted under the General Data Protection Regulation (GDPR), will be one of the biggest of its kind for TikTok, which has already been struggling with intense regulatory scrutiny not only in the US and UK, but other emerging markets the world over.
The investigation primarily focused on TikTok’s handling of personal data belonging to users aged 13 to 17 years. The investigation found that TikTok failed to ensure age verification for underage users, which led to the breach of their personal information.
TikTok had submitted legal objections to an earlier ruling in the case; however, the EU’s data protection regulator subsequently “adopted a dispute resolution decision” leading to the potential fine.
TikTok is also being investigated for the level of transparency on how the company processes children’s data, according to reports by European media. In response to the rigorous scrutiny by data protection authorities in the region, TikTok has also ramped up remedial and protective measures to improve its compliance with the heavily anticipated incoming legislation, the Digital Services Act (DSA).
The DSA, which is set to come into force on August 25, will require leading tech corporations such as Facebook’s Meta Platforms, Google and YouTube’s Alphabet Inc., Amazon, Microsoft, among others, to monitor content on their platforms to effectively counter harmful and illegal material.
The DSA will also oblige tech companies to share specific data with authorities and cut back certain advertising practices.
Last month, TikTok participated in a voluntary “stress test” related to the DSA, but the company’s practices did not help it much in gaining the regulators’ trust. Following the test, Thierry Breton, the EU tech commissioner, remarked that TikTok needed to step up its effort in order to be more compliant with the Act.
“TikTok is dedicating significant resources to compliance. Now it’s time to accelerate to be fully compliant,” Breton said in a statement to CNN.
Earlier in April, TikTok was slapped with a fine amounting to $16 million in the UK for processing personal data of children without obtaining informed parental consent. The breaches reportedly took place between 2018 and 2020.
There are over 150 million TikTok users in Europe. TikTok’s parent company, ByteDance, reported revenues of $80 billion in 2022 in the EU alone.
