September 27, 2022 – TikTok may be fined $29 million (£27 million) in the UK for violating children’s privacy, according to a statement by the Information Commissioner’s Office.
The ICO shared on Monday the provisional findings of its investigation into the violations. The UK’s data privacy regulator has provisionally found TikTok responsible for processing the data of users aged under 13 years without parental consent. The popular Chinese-owned video-sharing app breached the UK’s data protection law between May 2018 and July 2020.
The investigation into TikTok was launched in 2019.
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections,” said Information Commissioner John Edwards. “Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”
The ICO has issued TikTok a “notice of intent”. According to the legal document, TikTok “may have failed to provide proper information to its users in a concise, transparent and easily understood way, and processed special category data without legal grounds”.
The ICO did not, however, specify the special category of data TikTok may have violated.
“While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course,” TikTok stated in response to the potential fine.
Earlier this month, Instagram was fined $400 million by the Irish Data Protection Commission (DPC) for violating teens’ privacy. The fine was imposed on parent company Meta after a two-year investigation concluded it allowed young users aged between 13 and 17 to sign up on Instagram with business accounts, which displayed their phone numbers and email addresses publicly. A user registration system on Instagram had set the accounts belonging to minors to “public” by default.