TikTok faces massive €345 million fine over child data breaches in EU

September 16, 2023THNPrivacy / Technology

The Irish Data Protection Commission (DPC) has fined TikTok €345 million (approximately $368 million) for violating the European Union’s General Data Protection Regulation (GDPR) in relation to concerns its processing of children’s data.

The investigation, opened in September 2021, examined how the popular short video platform processed personal data relating to child users (aged 13 to 17) between July 31 and December 31, 2020.

Some of the key findings include –

• Content posted by child users was made public by default, allowing anyone (with or without TikTok) to view the content and exposing them to additional risk.
• A failure to provide transparency information to child users
• Implementing dark templates to trick users into opting for intrusive options during the registration process and when posting videos.
• A weakness in the Family Sharing setting that allowed any non-child user (someone who could not be verified as a parent or guardian) to pair their account with that of a minor, allowing the user adult to enable direct messages. for children over 16 years old

In addition to the financial sanction, the DPC ordered TikTok to bring its processing mechanisms into compliance within three months.

“Social media companies have a responsibility to avoid presenting choices to users, particularly children, in an unfair manner – particularly if that presentation may influence people to make decisions that violate their privacy interests “, Anu Talus, President of the EDPB, said.

“Privacy-related options should be offered in an objective and neutral manner, avoiding any type of misleading or manipulative language or design.”

In a statement shared on its website, the company at variance with the decision and said criticism focuses on features and settings that were in place three years ago, which have since been changed by setting all accounts under 16 as private by default. It is immediately clear whether the company intends to appeal the decision.

The company also announced that it will roll out a redesigned account registration process for new users aged 16 and 17 at the end of the month, who will be pre-screened for a private account. TikTok has around 134 million monthly users in the EU

TikTok was previously fined 5 million euros (about $5.4 million) by the French data protection body in January 2023 for violating cookie consent rules and making the mechanism unsubscribe more complex than membership.

The development comes days after California’s attorney general announced that Google would pay $93 million to settle a privacy lawsuit alleging the company violated the state’s consumer protection laws by collecting user location data for consumer profiling and advertising purposes without informed consent.