TikTok hit with €345m fine over processing child user data
The Data Protection Commission (DPC) has imposed a fine of €345 million on TikTok following an investigation into how the social network processes children’s user data.
The investigation, which covered the period between 31 July-31 December 2020, focused on platform settings and information transparency for child users and age verification. The DPC found against the social network on five grounds:
- Setting profiles for child users as ‘public’ by default.
- The ‘Family Pairing’ setting allowed a non-child user (who could not be verified as a parent or guardian) to pair their account to a child user’s account. This allowed the non-child user to enable direct messages for child users above the age of 16.
- Any additional possible risks to children under the age of 13 who gained access to the platform.
- Failure to providee sufficiently transparent information to child users.
- Implementing of ‘dark patterns’ prompting users to choose more privacy-intrusive options during the registration process and when posting videos.
On top of the fine TikTok has been issued with a reprimand and given three months to bring its data processing methods into compliance with the General Data Protection Regulation.
TikTok’s recently opened a data centre in Dublin specifically to deal with the processing of data generated by users in the EU. It also announced plans for a second data centre for the capital.
A representative from TikTok said: “We respectfully disagree with the decision, particularly the level of the fine imposed.”
“The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default.”