News Hub

TikTok fined £296m for violating GDPR rules on handling children’s data

Written by Wed 20 Sep 2023

TikTok has been fined £296 million ($366 million) for breaching GDPR rules relating to handling children’s accounts. This is TikTok’s largest fine from regulators to date.

The Irish Data Protection Commission (DPC) found that the social media giant had breached GDPR rules multiple times. The DPC said TikTok failed to adequately consider the potential risks faced by underage users who accessed the platform.

“We respectfully disagree with the decision, particularly the level of the fine imposed,” said a spokesperson for TikTok.

The DPC said TikTok placed child users’ accounts on a public setting by default and failed to offer the users clear information about how their data was handled.

It also found that TikTok’s ‘family pairing’ feature allowed adults to access and control a child’s account. TikTok reportedly did not check if the adult paired to the account was in fact related to the child.

“The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under-16 accounts to private by default,” added the spokesperson.

TikTok said they have since resolved the issues identified in the inquiry. As of 2021, all TikTok accounts for users aged 13 to 15, both new and existing, have been automatically set to private. This means only individuals approved by the user can access their content.

Contentious Ruling

Regulatory bodies from Italy and Germany disagreed with some aspects of the DPC’s ruling. As a result, the case was sent to the European Data Protection Board (EDPB), a collective body of data and privacy regulators from EU member states.

The EDPB overruled certain points in the DPC’s ruling. The DPC then had to include a finding by the German regulator that the use of ‘dark patterns’ breached GDPR on the fair processing of personal data.

‘Dark patterns’ refers to deceptive website and app designs used to steer users into certain behaviours or decisions.

In 2023, the Information Commissioner’s Office (ICO) fined TikTok £12.7 million ($15.7 million) for breaching data protection laws. This included failing to use children’s personal data lawfully. The ICO estimated that up to 1.4 million under 13s in the UK were able to use the video sharing app in 2020.

In September 2023, TikTok opened its first European data centre to address concerns about privacy. The new facility is based in Dublin, Ireland.

Hungry for more tech news?

Sign up for your weekly tech briefings!

Written by Wed 20 Sep 2023

Send us a correction Send us a news tip