TikTok, the popular social media platform owned by Bytedance, has been fined $370 million by Ireland's Data Protection Commission (DPC) for violating European Union privacy laws related to the handling of children's data. The DPC's investigation found that TikTok had set accounts for users under the age of 16 to "public" by default and failed to verify whether a user was a child's parent or guardian when using the "family pairing" feature.
As the lead regulator in the EU for many global tech firms, the DPC has the authority to impose fines and order companies to bring their processing into compliance. TikTok has expressed disagreement with the decision, particularly the size of the fine, and stated that most of the issues raised by the DPC are no longer relevant due to measures the company implemented before the probe began. TikTok had already introduced tougher parental controls and changed the default setting for users under 16 to "private".
In response to the fine, TikTok plans to update its privacy materials to make the distinctions between public and private accounts clearer. It also intends to pre-select a private account for new 16- and 17-year-old users when they register for the app later this month.
This is not the first time the DPC has taken action against a tech company for privacy breaches. Last year, it fined Meta (formerly Facebook) $276 million after a data leak affecting half a billion users. It also fined Meta's chat service, WhatsApp, 225 million euros the year before for violating data sharing rules. The DPC is currently conducting a second probe into TikTok's transfer of personal data to China to determine compliance with EU law.
TikTok has faced scrutiny in the United States over concerns about data security and the potential for user data to be accessed by the Chinese government. The app is banned on federal government devices, and many states also prohibit its use on government-owned devices. Montana has issued a statewide ban on TikTok set to take effect in January, which is currently being challenged in court.
Overall, the DPC's fine against TikTok highlights the EU's strict data privacy laws and the regulator's commitment to enforcing them. TikTok's response indicates its efforts to address the issues raised and improve privacy protections for its users. The ongoing concerns in the United States regarding data security and TikTok's ties to China continue to shape the regulatory environment for the platform.