TikTok faces €345m fine from EU regulator for child data breaches

The Data Protection Commission (DPC) of Ireland, a crucial EU regulator, imposed a €345 million fine on Chinese-owned social media platform TikTok over breaches related to child data. The fine is equivalent to approximately $369 million, as disclosed by the DPC in a recent statement following a two-year inquiry that uncovered the breaches.

The DPC granted TikTok a three-month period to align its data processing practices with EU rules. Ireland’s DPC plays a significant role in enforcing the European Union’s stringent General Data Protection Regulations (GDPR).

The inquiry, initiated in September 2021, scrutinized TikTok’s compliance with GDPR concerning platform settings and personal data processing for users under 18. It also evaluated TikTok’s age verification measures for those under 13, finding no infringement but identifying inadequate risk assessment for younger users registering on the platform.

The ruling by DPC highlighted how children signing up for TikTok had their accounts set to public by default, allowing anyone to view or comment on their content. The regulator also criticized TikTok’s “family pairing” mode, designed to link parents’ accounts to their teenage offspring, pointing out that the company did not adequately verify parent or guardian status.

Ireland, hosting the European headquarters of TikTok, is pivotal in enforcing the GDPR regime, given its role in regulating major tech entities. TikTok, a division of Chinese tech giant ByteDance, is immensely popular among young users, boasting 150 million users in the United States and 134 million in the European Union.

TikTok responded to the fine, expressing respectful disagreement with the verdict and stating that it is evaluating its next steps. The platform emphasized that the criticized features and settings were modified well before the investigation commenced, including setting all accounts under 16 to private by default.