TikTok, the popular social media platform, has been fined €345 million by the Irish Data Protection Commission (DPC) for violating the European Union’s General Data Protection Regulation (GDPR). This decision sets a new record for GDPR sanctions and highlights concerns about data protection and privacy in the digital age.
The DPC began investigating TikTok two years ago after pressure from other EU data protection authorities and consumer protection groups. The investigation focused on how TikTok handled personal data of child users and its transparency obligations. The DPC identified multiple violations, including fairness, transparency, data security, and the rights of data subjects.
One key issue investigated was TikTok’s “Family Pairing” feature, which allowed non-child users to connect with child accounts without identity verification. This raised concerns about the safety and privacy of underage users. Additionally, TikTok’s default account settings allowed anyone to view content posted by child users, putting them at risk.
TikTok’s head of privacy in Europe claimed that accounts of users aged 13-15 were already set to private by default. However, the DPC found that child accounts were still set to public, allowing public comments and features that compromised privacy. This failure to protect underage users clearly violated GDPR regulations.
The resulting sanctions, escalated with involvement from the European Data Protection Board (EDPB), show how seriously European privacy regulators address child protection concerns. Privacy regulators throughout Europe have imposed significant fines related to these concerns. TikTok, however, disagrees with the decision and the size of the fine and may appeal the ruling in Ireland.
This is not the first time TikTok has faced regulatory action for data protection violations. Last year, Instagram, owned by Meta, was fined €405 million by the DPC for similar breaches involving children. The UK’s data protection authority, the ICO, also imposed its own penalty on TikTok this year. Investigations into TikTok’s data exports are ongoing within the EU, raising concerns about data transfers outside the bloc.
With over 134 million monthly active users in the EU, TikTok holds a significant amount of personal data. This highlights the importance of prioritizing data protection and privacy. The GDPR aims to protect individuals’ rights in the digital age, and regulators are determined to hold companies accountable for compliance.
TikTok has until December to rectify its GDPR compliance and address the violations identified by the DPC. The final decision on the TikTok investigation will be made in 2024, allowing ample time for the company to demonstrate its commitment to safeguarding the privacy and data of its users, especially children.
This record-breaking fine against TikTok sends a strong message to other major tech companies that the EU is committed to enforcing data protection regulations. The decisive action by the DPC sets a precedent for upholding privacy rights and emphasizes the need for companies to prioritize the safety and well-being of their users, particularly vulnerable individuals like children.
In a digital landscape where personal data is increasingly at risk, it is crucial for regulators to hold companies accountable for their data protection practices. The TikTok case serves as a reminder that no entity is above the law and that individuals’ privacy rights must be protected online. As privacy concerns come to the forefront, this significant fine against TikTok serves as a warning to all companies that data protection is a matter that should be taken seriously.